In case the erroneous token is unprintable, e.g. a control character, print its hex value instead.
Include the necessary header for isprint to avoid an implicit function declaration:
policy_scan.l: In function ‘yyerror’:
policy_scan.l:342:13: warning: implicit declaration of function ‘isprint’ [-Wimplicit-function-declaration]
342 | if {
| ^~~~~~~
policy_scan.l:36:1: note: include ‘’ or provide a declaration of ‘isprint’
35 | #include y.tab.h
+++ |+#include
36 | #endif
This does not currently break the build because -Werror is stripped for the parsing code to avoid breakage on old flex/bison versions that might not generate warning-free code.
The special error value YYerror is only available since bison 3.6. For example, the version used by oss-fuzz does not support it.
Use a special token in case YYerror is not available. Only downside is a duplicate error message, one from the manual yyerror.
Free the temporary bounds type in the error branches.
Free the ebitmaps inside the rolesets on error.
Close the input file and free all memory by the queue and lexer on a syntax or parse error.
Inform bison about an invalid character by returning YYerror, so the parser can clean up internal state and return the failure via yyparse. Currently the error is only observable via the global variable policydb_errors, which needs to be checked separately.
Free the two identifiers on an invalid typebounds in the error branch, similar to the success branch.
The passed expression needs to be transferred into the policy or free'd by the sink functions define_constraint.
Free identifiers removed from the queue but not yet owned by the policy on errors.
The lower 64 bits of the subnet prefix for an ibpkeycon rule should all be 0's. Unfortunately the check uses the s6_addr macro which refers to the 16 entry array of 8-bit values in the union and does not refer to the correct bits.
Use the s6_addr32 macro instead which refers to the 4 entry array of 32-bit values in the union and refers to the lower 64 bits.
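The effect of the s6_addr / s6_addr32 mix-up, as an added example (not the checkpolicy source). It assumes the old check applied indices 2 and 3 to the 8-bit array; the function names and sample prefixes are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit word i of the address: the storage that s6_addr32[i] names on Linux.
 * Read with memcpy so the example does not depend on that non-POSIX macro. */
static uint32_t word32(const struct in6_addr *a, int i)
{
	uint32_t w;
	memcpy(&w, &a->s6_addr[4 * i], sizeof(w));
	return w;
}

/* Assumed shape of the old check: indices 2 and 3 on the 8-bit array,
 * which inspects bits 16..31 of the prefix, not the low 64 bits. */
static int low64_nonzero_buggy(const struct in6_addr *a)
{
	return a->s6_addr[2] || a->s6_addr[3];
}

/* Corrected check: words 2 and 3 are bytes 8..15, i.e. the low 64 bits. */
static int low64_nonzero_fixed(const struct in6_addr *a)
{
	return word32(a, 2) || word32(a, 3);
}

/* Parse a textual prefix and apply one check; -1 if it does not parse. */
static int check(const char *text, int (*fn)(const struct in6_addr *))
{
	struct in6_addr a;
	if (inet_pton(AF_INET6, text, &a) != 1)
		return -1;
	return fn(&a) ? 1 : 0;
}

int main(void)
{
	/* Constructed sample prefixes. */
	const char *s[] = { "fe80::", "fe80::1", "fe80:1::", "not-an-address" };
	for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("%-16s buggy=%d fixed=%d\n", s[i],
		       check(s[i], low64_nonzero_buggy),
		       check(s[i], low64_nonzero_fixed));
	return 0;
}
```

The byte-indexed form both accepts a prefix with non-zero low bits (fe80::1) and rejects a valid one (fe80:1::).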
If declare_symbol returns 1 the id and the datum are already defined and not consumed by the function, so they must be free'd by the caller.
Example policy:
class s sid e class s{i}optional{require{bool K;}bool K true;
Example policy generated by fuzzer:
class s
sid k
class s { i }optional{require{attribute i;}}type m;typealias m alias i;
typeai
When a user is created in an optional block, a user datum is added to both the avrule_decl's symtab and the policydb's symtab, but the semantic MLS information is only added to the avrule_decl's user datum. This causes an error to occur during policy expansion when user_copy_callback is called. If this error did not occur then the policydb's user datum would be written without any MLS info and the policy would fail validation when read later.
When creating a user datum, search for a user datum with the same key in the policydb's symtab. If that datum has no MLS information, then copy the MLS information from the avrule_decl's datum. If it does, then compare the default level, low level, and high level sensitivities and give an error if they do not match. There is not enough information to expand the categories for the high and low levels, so merge the semantic categories. If the two category sets are not equal an error will occur during the expansion phase.
Avoid calling strdup with a NULL pointer, which can happen with an invalid policy context, e.g.:
class C
sid S
class C { P };user U roles j;sid S s:l:q:q:q