[apparmor] [Patch][parser] fix: pass through unprocessed escapes to the backend

[John Johansen]

v2
- fix character pass through issue
- add tests

Currently the parser does escape processing in multiple places, this can
result in failures if not handled properly The lexer front end currently
incorrectly processes the \000 \x00 \d00 escape sequence resulting in a
null character being embedded in the processed string, this results in the
string not being full processed later.

The aare to pcre regex conversion fn also incorrectly strips out the \00,
and any other escape sequence it doesn't know about, resulting in
incorrect strings being passed to the backend. Fix this by passing through
any valid escape sequence that is not handled by the fn.

this is a partial fix for

Bug: http://bugs.launchpad.net/bugs/1413410

Signed-off-by: John Johansen <john.johansen at canonical.com>

nominated for 2.9 and 3.0

---

=== modified file 'parser/parser_misc.c'
--- parser/parser_misc.c	2014-10-02 19:58:54 +0000
+++ parser/parser_misc.c	2015-01-29 22:54:08 +0000
@@ -243,7 +243,10 @@
 			 * pass it through to be handled by the backend
 			 * pcre conversion
 			 */
-			if (strchr("*?[]{}^,\\", c) != NULL) {
+			if (c == 0) {
+				strncpy(s, string, pos - string);
+				s += pos - string;
+			} else if (strchr("*?[]{}^,\\", c) != NULL) {
 				*s++ = '\\';
 				*s++ = c;
 			} else

=== modified file 'parser/parser_regex.c'
--- parser/parser_regex.c	2014-09-03 20:45:44 +0000
+++ parser/parser_regex.c	2015-01-29 22:54:08 +0000
@@ -29,6 +29,7 @@
 
 /* #define DEBUG */
 
+#include "lib.h"
 #include "parser.h"
 #include "profile.h"
 #include "libapparmor_re/apparmor_re.h"
@@ -342,12 +343,26 @@
 
 		default:
 			if (bEscape) {
-				/* quoting mark used for something that
-				 * does not need to be quoted; give a warning */
-				pwarn("Character %c was quoted unnecessarily, "
-				      "dropped preceding quote ('\\') character\n", *sptr);
-			}
-			pcre.append(1, *sptr);
+				const char *pos = sptr;
+				int c;
+				if ((c = str_escseq(&pos, "")) != -1) {
+					/* valid escape we don't want to
+					 * interpret here */
+					pcre.append("\\");
+					pcre.append(sptr, pos - sptr);
+					sptr += (pos - sptr) - 1;
+				} else {
+					/* quoting mark used for something that
+					 * does not need to be quoted; give a
+					 * warning */
+					pwarn("Character %c was quoted "
+					      "unnecessarily, dropped preceding"
+					      " quote ('\\') character\n",
+					      *sptr);
+					pcre.append(1, *sptr);
+				}
+			} else
+				pcre.append(1, *sptr);
 			break;
 		}	/* switch (*sptr) */
 
@@ -927,6 +942,9 @@
 	MY_REGEX_TEST("\\\\|", "\\\\\\|", ePatternBasic);
 	MY_REGEX_TEST("\\\\(", "\\\\\\(", ePatternBasic);
 	MY_REGEX_TEST("\\\\)", "\\\\\\)", ePatternBasic);
+	MY_REGEX_TEST("\\000", "\\000", ePatternBasic);
+	MY_REGEX_TEST("\\x00", "\\x00", ePatternBasic);
+	MY_REGEX_TEST("\\d000", "\\d000", ePatternBasic);
 
 	/* more complicated character class tests */
 	/*   -- embedded alternations */