change_profile's target namespace parsing doesn't work as intended

Bug #1540666 reported by Tyler Hicks on 2016-02-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Tyler Hicks

Bug Description

While modifying the change_profile rule parsing logic, I noticed that the
portion that is intended to parse the target profile's namespace is not working
as intended:

  1525 change_profile: change_profile_head TOK_ARROW opt_ns TOK_ID TOK_END_OF_RULE
  1526 {
  1527 struct cod_entry *entry;
  1528 PDEBUG("Matched change_profile: tok_id (:%s://%s)\n", $3 ? $3 : "", $4);
  1529 entry = new_entry($3, $4, AA_CHANGE_PROFILE, $1);
  1530 if (!entry)
  1531 yyerror(_("Memory allocation error."));
  1532 PDEBUG("change_profile.entry: (%s)\n", entry->name);
  1533 $$ = entry;
  1534 };

$ echo "/t { change_profile /bin/true -> :ns://profile, }" | ./parser/apparmor_parser -qQ
parser: Matched change_profile: tok_id (:://:ns://profile)

You can see from the PDEBUG() output that NULL is being passed as the first
parameter to new_entry(). I've also verified this through other means.

Christian Boltz (cboltz) on 2016-02-01
tags: added: aa-parser
Tyler Hicks (tyhicks) wrote :
Changed in apparmor:
status: In Progress → Fix Committed
Christian Boltz (cboltz) wrote :

Fixed in AppArmor 2.11

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers