[apparmor] [PATCH 1/2] Fix an error in tree normalization that can result in an infinite loop
Kees Cook
kees at ubuntu.com
Thu Feb 16 20:25:05 UTC 2012
On Thu, Feb 16, 2012 at 08:26:09AM -0800, John Johansen wrote:
> Tree normailization tries to reshape expr tree into a normal from like
>
> |1 |1
> / \ / \
> |2 T -> a |2
> / \ / \
> |3 c b |3
> / \ / \
> a b c T
>
> which requires rotating the alt and cat nodes, at the same time it
> also tries to rotate epsnods to the same side as alt and cat nodes.
>
> However there is a bug that results in the epsnode flipping and
> node rotation reverting each others work. If the tree is of the
> follow form this will result in an infinite loop.
>
> |1
> / \
> e2 |3
> / \
> e3 C
>
> epsnode flipping is not supposed to take precedence over node rotation
> and there is even a test to check for an alt or cat node, unfortunately
> it is wrong resulting in unnecessary swapping and the possibility for
> the above infinite loop
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/libapparmor_re/expr-tree.cc | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/parser/libapparmor_re/expr-tree.cc b/parser/libapparmor_re/expr-tree.cc
> index e9a1275..b502d54 100644
> --- a/parser/libapparmor_re/expr-tree.cc
> +++ b/parser/libapparmor_re/expr-tree.cc
> @@ -189,7 +189,7 @@ void normalize_tree(Node *t, int dir)
> for (;;) {
> if ((&epsnode == t->child[dir]) &&
> (&epsnode != t->child[!dir]) &&
> - dynamic_cast<TwoChildNode *>(t)) {
> + !dynamic_cast<TwoChildNode *>(t->child[!dir])) {
> // (E | a) -> (a | E)
> // Ea -> aE
> Node *c = t->child[dir];
I don't understand this area well enough to be comfortable to ACK it, but
if you say it's needed, that's good enough for me. ;) That said, is there
a simple test-case that can be used to show the before/after of this
change?
-Kees
--
Kees Cook
More information about the AppArmor
mailing list