
tomoyo: Commit


Commit MetaInfo

Revision6839 (tree)
Time2020-11-03 14:28:46
Authorkumaneko

Log Message

(empty log message)

Change Summary

Incremental Difference

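--- a/trunk/2.6.x/tomoyo-tools/usr_sbin/Makefile
+++ b/trunk/2.6.x/tomoyo-tools/usr_sbin/Makefile
@@ -19,8 +19,8 @@
 LDFLAGS_PIC := $(filter-out -pie,$(filter-out -fPIE,$(LDFLAGS)))
 
 libtomoyotools.so: tomoyotools.c tomoyotools.h
- $(CC) $(CPPFLAGS) $(CFLAGS_PIC) $(LDFLAGS_PIC) -fPIC tomoyotools.c -shared -Wl,-soname,libtomoyotools.so.3 -o libtomoyotools.so.3.0.3
- ln -sf libtomoyotools.so.3.0.3 libtomoyotools.so
+ $(CC) $(CPPFLAGS) $(CFLAGS_PIC) $(LDFLAGS_PIC) -fPIC tomoyotools.c -shared -Wl,-soname,libtomoyotools.so.3 -o libtomoyotools.so.3.0.4
+ ln -sf libtomoyotools.so.3.0.4 libtomoyotools.so
 
 .c:
 $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $< -ltomoyotools -L.
@@ -35,8 +35,8 @@
 
 install: all
 mkdir -p -m 0755 $(INSTALLDIR)$(USRLIBDIR)
- $(INSTALL) -m 0755 libtomoyotools.so.3.0.3 $(INSTALLDIR)$(USRLIBDIR)
- ln -sf libtomoyotools.so.3.0.3 $(INSTALLDIR)$(USRLIBDIR)/libtomoyotools.so.3
+ $(INSTALL) -m 0755 libtomoyotools.so.3.0.4 $(INSTALLDIR)$(USRLIBDIR)
+ ln -sf libtomoyotools.so.3.0.4 $(INSTALLDIR)$(USRLIBDIR)/libtomoyotools.so.3
 ifeq ($(INSTALLDIR),)
 ldconfig || true
 endif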
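--- a/trunk/2.6.x/tomoyo-tools/usr_sbin/tomoyotools.c
+++ b/trunk/2.6.x/tomoyo-tools/usr_sbin/tomoyotools.c
@@ -417,58 +417,61 @@
 */
 static _Bool ccs_correct_word2(const char *string, size_t len)
 {
+ u8 recursion = 20;
 const char *const start = string;
 _Bool in_repetition = false;
- unsigned char c;
- unsigned char d;
- unsigned char e;
 if (!len)
 goto out;
 while (len--) {
- c = *string++;
+ unsigned char c = *string++;
 if (c == '\\') {
 if (!len--)
 goto out;
 c = *string++;
+ if (c >= '0' && c <= '3') {
+ unsigned char d;
+ unsigned char e;
+ if (!len-- || !len--)
+ goto out;
+ d = *string++;
+ e = *string++;
+ if (d < '0' || d > '7' || e < '0' || e > '7')
+ goto out;
+ c = ccs_make_byte(c, d, e);
+ if (c <= ' ' || c >= 127)
+ continue;
+ goto out;
+ }
 switch (c) {
 case '\\': /* "\\" */
- continue;
- case '$': /* "\$" */
 case '+': /* "\+" */
 case '?': /* "\?" */
+ case 'x': /* "\x" */
+ case 'a': /* "\a" */
+ case '-': /* "\-" */
+ continue;
+ }
+ if (!recursion--)
+ goto out;
+ switch (c) {
 case '*': /* "\*" */
 case '@': /* "\@" */
- case 'x': /* "\x" */
+ case '$': /* "\$" */
 case 'X': /* "\X" */
- case 'a': /* "\a" */
 case 'A': /* "\A" */
- case '-': /* "\-" */
 continue;
 case '{': /* "/\{" */
 if (string - 3 < start || *(string - 3) != '/')
- break;
+ goto out;
 in_repetition = true;
 continue;
 case '}': /* "\}/" */
 if (*string != '/')
- break;
+ goto out;
 if (!in_repetition)
- break;
+ goto out;
 in_repetition = false;
 continue;
- case '0': /* "\ooo" */
- case '1':
- case '2':
- case '3':
- if (!len-- || !len--)
- break;
- d = *string++;
- e = *string++;
- if (d < '0' || d > '7' || e < '0' || e > '7')
- break;
- c = ccs_make_byte(c, d, e);
- if (c <= ' ' || c >= 127)
- continue;
 }
 goto out;
 } else if (in_repetition && c == '/') {
@@ -497,6 +500,21 @@
 }
 
 /**
+ * ccs_correct_path2 - Check whether the given pathname follows the naming rules.
+ *
+ * @filename: The pathname to check.
+ * @len: Length of @filename.
+ *
+ * Returns true if @filename follows the naming rules, false otherwise.
+ */
+_Bool ccs_correct_path2(const char *filename, const size_t len)
+{
+ const char *cp1 = memchr(filename, '/', len);
+ const char *cp2 = memchr(filename, '.', len);
+ return cp1 && (!cp2 || (cp1 < cp2)) && ccs_correct_word2(filename, len);
+}
+
+/**
 * ccs_correct_path - Check whether the given pathname follows the naming rules.
 *
 * @filename: The pathname to check.
@@ -505,7 +523,7 @@
 */
 _Bool ccs_correct_path(const char *filename)
 {
- return *filename == '/' && ccs_correct_word(filename);
+ return ccs_correct_path2(filename, strlen(filename));
 }
 
 /**
@@ -546,16 +564,15 @@
 return true;
 while (1) {
 const char *cp = strchr(domainname, ' ');
+ const int len = cp ? cp - domainname : strlen(domainname);
+ if (len == 0)
+ return true;
+ if (!ccs_correct_path2(domainname, len))
+ return false;
 if (!cp)
- break;
- if (*domainname != '/' ||
- !ccs_correct_word2(domainname, cp - domainname))
- goto out;
- domainname = cp + 1;
+ return true;
+ domainname += len + 1;
 }
- return ccs_correct_path(domainname);
-out:
- return false;
 }
 
 /**
@@ -2230,9 +2247,9 @@
 }
 
 /**
- * ccs_check_remote_host - Check whether the remote host is running with the TOMOYO 2.5 kernel or not.
+ * ccs_check_remote_host - Check whether the remote host is running with the TOMOYO 2.6 kernel or not.
 *
- * Returns true if running with TOMOYO 2.5 kernel, false otherwise.
+ * Returns true if running with TOMOYO 2.6 kernel, false otherwise.
 */
 _Bool ccs_check_remote_host(void)
 {
@@ -2242,7 +2259,7 @@
 FILE *fp = ccs_open_read("version");
 if (!fp ||
 fscanf(fp, "%u.%u.%u", &major, &minor, &rev) < 2 ||
- major != 2 || minor != 5) {
+ major != 2 || minor != 6) {
 const u32 ip = ntohl(ccs_network_ip);
 fprintf(stderr, "Can't connect to %u.%u.%u.%u:%u\n",
 (u8) (ip >> 24), (u8) (ip >> 16),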
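Review bot: In the domain-name loop (new lines 567-574), `if (len == 0) return true;` accepts a domain name containing an empty component, so a trailing space or two consecutive spaces ends validation with success and nothing after the empty component reaches ccs_correct_path2(). The removed code rejected both cases, through the `*domainname != '/'` test inside the loop and the final ccs_correct_path() call on the last component. Unless every caller normalizes whitespace before this check (not visible on this page), the validator should fail closed here: `if (len == 0) return false;`. The opening of the enclosing function lies outside the hunk, so how the first token is handled is inferred from the context lines only.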