All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/2] checkpolicy: use YYerror only when available
@ 2024-03-22 14:50 Christian Göttsche
  2024-03-22 14:50 ` [PATCH 2/2] checkpolicy: handle unprintable token Christian Göttsche
  2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
  0 siblings, 2 replies; 4+ messages in thread
From: Christian Göttsche @ 2024-03-22 14:50 UTC (permalink / raw)
  To: selinux

The special error value YYerror is only available since bison 3.6
(released 2020).  For example the version used by oss-fuzz does not
support it.

Use a special token in case YYerror is not available.  Only downside is
a duplicate error message, one from the manual yyerror() call and one
from within bison for the unexpected special token (which would be
omitted by using YYerror).

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/policy_parse.y | 1 +
 checkpolicy/policy_scan.l  | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index e0103502..1b275ebc 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -153,6 +153,7 @@ typedef int (* require_func_t)(int pass);
 %token FILESYSTEM
 %token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
 %token LOW_HIGH LOW HIGH GLBLUB
+%token INVALID_CHAR
 
 %left OR
 %left XOR
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 1926129c..c4d8e937 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -308,7 +308,14 @@ GLBLUB				{ return(GLBLUB); }
 "]" |
 "~" |
 "*"				{ return(yytext[0]); } 
-.                               { yyerror("unrecognized character"); return YYerror; }
+.                               { yyerror("unrecognized character");
+/* Available since bison 3.6, avoids duplicate error message */
+#ifdef YYerror
+				  return YYerror;
+#else
+				  return INVALID_CHAR;
+#endif
+				}
 %%
 int yyerror(const char *msg)
 {
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH 2/2] checkpolicy: handle unprintable token
  2024-03-22 14:50 [PATCH 1/2] checkpolicy: use YYerror only when available Christian Göttsche
@ 2024-03-22 14:50 ` Christian Göttsche
  2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
  1 sibling, 0 replies; 4+ messages in thread
From: Christian Göttsche @ 2024-03-22 14:50 UTC (permalink / raw)
  To: selinux

In case the erroneous token is unprintable, e.g. a control character,
print its hex value instead.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/policy_scan.l | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index c4d8e937..d7cf2896 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -320,6 +320,16 @@ GLBLUB				{ return(GLBLUB); }
 int yyerror(const char *msg)
 {
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+	const char *token;
+	char buf[8];
+
+	if (isprint((unsigned char)yytext[0])) {
+		token = yytext;
+	} else {
+		snprintf(buf, sizeof(buf), "%#x", yytext[0]);
+		token = buf;
+	}
+
 	if (source_file[0])
 		fprintf(stderr, "%s:%lu:",
 			source_file, source_lineno);
@@ -327,7 +337,7 @@ int yyerror(const char *msg)
 		fprintf(stderr, "(unknown source)::");
 	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
 			msg,
-			yytext,
+			token,
 			policydb_lineno,
 			linebuf[0], linebuf[1]);
 #else
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] checkpolicy: use YYerror only when available
  2024-03-22 14:50 [PATCH 1/2] checkpolicy: use YYerror only when available Christian Göttsche
  2024-03-22 14:50 ` [PATCH 2/2] checkpolicy: handle unprintable token Christian Göttsche
@ 2024-03-25 17:13 ` James Carter
  2024-03-27 19:07   ` James Carter
  1 sibling, 1 reply; 4+ messages in thread
From: James Carter @ 2024-03-25 17:13 UTC (permalink / raw)
  To: Christian Göttsche; +Cc: selinux

On Fri, Mar 22, 2024 at 10:54 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> The special error value YYerror is only available since bison 3.6
> (released 2020).  For example the version used by oss-fuzz does not
> support it.
>
> Use a special token in case YYerror is not available.  Only downside is
> a duplicate error message, one from the manual yyerror() call and one
> from within bison for the unexpected special token (which would be
> omitted by using YYerror).
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

For these two patches:
Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  checkpolicy/policy_parse.y | 1 +
>  checkpolicy/policy_scan.l  | 9 ++++++++-
>  2 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
> index e0103502..1b275ebc 100644
> --- a/checkpolicy/policy_parse.y
> +++ b/checkpolicy/policy_parse.y
> @@ -153,6 +153,7 @@ typedef int (* require_func_t)(int pass);
>  %token FILESYSTEM
>  %token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
>  %token LOW_HIGH LOW HIGH GLBLUB
> +%token INVALID_CHAR
>
>  %left OR
>  %left XOR
> diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
> index 1926129c..c4d8e937 100644
> --- a/checkpolicy/policy_scan.l
> +++ b/checkpolicy/policy_scan.l
> @@ -308,7 +308,14 @@ GLBLUB                             { return(GLBLUB); }
>  "]" |
>  "~" |
>  "*"                            { return(yytext[0]); }
> -.                               { yyerror("unrecognized character"); return YYerror; }
> +.                               { yyerror("unrecognized character");
> +/* Available since bison 3.6, avoids duplicate error message */
> +#ifdef YYerror
> +                                 return YYerror;
> +#else
> +                                 return INVALID_CHAR;
> +#endif
> +                               }
>  %%
>  int yyerror(const char *msg)
>  {
> --
> 2.43.0
>
>

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] checkpolicy: use YYerror only when available
  2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
@ 2024-03-27 19:07   ` James Carter
  0 siblings, 0 replies; 4+ messages in thread
From: James Carter @ 2024-03-27 19:07 UTC (permalink / raw)
  To: Christian Göttsche; +Cc: selinux

On Mon, Mar 25, 2024 at 1:13 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Fri, Mar 22, 2024 at 10:54 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > The special error value YYerror is only available since bison 3.6
> > (released 2020).  For example the version used by oss-fuzz does not
> > support it.
> >
> > Use a special token in case YYerror is not available.  Only downside is
> > a duplicate error message, one from the manual yyerror() call and one
> > from within bison for the unexpected special token (which would be
> > omitted by using YYerror).
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For these two patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>

These two patches have been merged.
Thanks,
Jim

> > ---
> >  checkpolicy/policy_parse.y | 1 +
> >  checkpolicy/policy_scan.l  | 9 ++++++++-
> >  2 files changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
> > index e0103502..1b275ebc 100644
> > --- a/checkpolicy/policy_parse.y
> > +++ b/checkpolicy/policy_parse.y
> > @@ -153,6 +153,7 @@ typedef int (* require_func_t)(int pass);
> >  %token FILESYSTEM
> >  %token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
> >  %token LOW_HIGH LOW HIGH GLBLUB
> > +%token INVALID_CHAR
> >
> >  %left OR
> >  %left XOR
> > diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
> > index 1926129c..c4d8e937 100644
> > --- a/checkpolicy/policy_scan.l
> > +++ b/checkpolicy/policy_scan.l
> > @@ -308,7 +308,14 @@ GLBLUB                             { return(GLBLUB); }
> >  "]" |
> >  "~" |
> >  "*"                            { return(yytext[0]); }
> > -.                               { yyerror("unrecognized character"); return YYerror; }
> > +.                               { yyerror("unrecognized character");
> > +/* Available since bison 3.6, avoids duplicate error message */
> > +#ifdef YYerror
> > +                                 return YYerror;
> > +#else
> > +                                 return INVALID_CHAR;
> > +#endif
> > +                               }
> >  %%
> >  int yyerror(const char *msg)
> >  {
> > --
> > 2.43.0
> >
> >

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-27 19:07 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-22 14:50 [PATCH 1/2] checkpolicy: use YYerror only when available Christian Göttsche
2024-03-22 14:50 ` [PATCH 2/2] checkpolicy: handle unprintable token Christian Göttsche
2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
2024-03-27 19:07   ` James Carter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.