* [PATCH 1/2] checkpolicy: use YYerror only when available
@ 2024-03-22 14:50 Christian Göttsche
2024-03-22 14:50 ` [PATCH 2/2] checkpolicy: handle unprintable token Christian Göttsche
2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
0 siblings, 2 replies; 4+ messages in thread
From: Christian Göttsche @ 2024-03-22 14:50 UTC (permalink / raw
To: selinux
The special error value YYerror is only available since bison 3.6
(released 2020). For example the version used by oss-fuzz does not
support it.
Use a special token in case YYerror is not available. Only downside is
a duplicate error message, one from the manual yyerror() call and one
from within bison for the unexpected special token (which would be
omitted by using YYerror).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/policy_parse.y | 1 +
checkpolicy/policy_scan.l | 9 ++++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index e0103502..1b275ebc 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -153,6 +153,7 @@ typedef int (* require_func_t)(int pass);
%token FILESYSTEM
%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
%token LOW_HIGH LOW HIGH GLBLUB
+%token INVALID_CHAR
%left OR
%left XOR
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 1926129c..c4d8e937 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -308,7 +308,14 @@ GLBLUB { return(GLBLUB); }
"]" |
"~" |
"*" { return(yytext[0]); }
-. { yyerror("unrecognized character"); return YYerror; }
+. { yyerror("unrecognized character");
+/* Available since bison 3.6, avoids duplicate error message */
+#ifdef YYerror
+ return YYerror;
+#else
+ return INVALID_CHAR;
+#endif
+ }
%%
int yyerror(const char *msg)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] checkpolicy: handle unprintable token
2024-03-22 14:50 [PATCH 1/2] checkpolicy: use YYerror only when available Christian Göttsche
@ 2024-03-22 14:50 ` Christian Göttsche
2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
1 sibling, 0 replies; 4+ messages in thread
From: Christian Göttsche @ 2024-03-22 14:50 UTC (permalink / raw
To: selinux
In case the erroneous token is unprintable, e.g. a control character,
print its hex value instead.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/policy_scan.l | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index c4d8e937..d7cf2896 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -320,6 +320,16 @@ GLBLUB { return(GLBLUB); }
int yyerror(const char *msg)
{
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ const char *token;
+ char buf[8];
+
+ if (isprint((unsigned char)yytext[0])) {
+ token = yytext;
+ } else {
+ snprintf(buf, sizeof(buf), "%#x", yytext[0]);
+ token = buf;
+ }
+
if (source_file[0])
fprintf(stderr, "%s:%lu:",
source_file, source_lineno);
@@ -327,7 +337,7 @@ int yyerror(const char *msg)
fprintf(stderr, "(unknown source)::");
fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
msg,
- yytext,
+ token,
policydb_lineno,
linebuf[0], linebuf[1]);
#else
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] checkpolicy: use YYerror only when available
2024-03-22 14:50 [PATCH 1/2] checkpolicy: use YYerror only when available Christian Göttsche
2024-03-22 14:50 ` [PATCH 2/2] checkpolicy: handle unprintable token Christian Göttsche
@ 2024-03-25 17:13 ` James Carter
2024-03-27 19:07 ` James Carter
1 sibling, 1 reply; 4+ messages in thread
From: James Carter @ 2024-03-25 17:13 UTC (permalink / raw
To: Christian Göttsche; +Cc: selinux
On Fri, Mar 22, 2024 at 10:54 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> The special error value YYerror is only available since bison 3.6
> (released 2020). For example the version used by oss-fuzz does not
> support it.
>
> Use a special token in case YYerror is not available. Only downside is
> a duplicate error message, one from the manual yyerror() call and one
> from within bison for the unexpected special token (which would be
> omitted by using YYerror).
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
For these two patches:
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> checkpolicy/policy_parse.y | 1 +
> checkpolicy/policy_scan.l | 9 ++++++++-
> 2 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
> index e0103502..1b275ebc 100644
> --- a/checkpolicy/policy_parse.y
> +++ b/checkpolicy/policy_parse.y
> @@ -153,6 +153,7 @@ typedef int (* require_func_t)(int pass);
> %token FILESYSTEM
> %token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
> %token LOW_HIGH LOW HIGH GLBLUB
> +%token INVALID_CHAR
>
> %left OR
> %left XOR
> diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
> index 1926129c..c4d8e937 100644
> --- a/checkpolicy/policy_scan.l
> +++ b/checkpolicy/policy_scan.l
> @@ -308,7 +308,14 @@ GLBLUB { return(GLBLUB); }
> "]" |
> "~" |
> "*" { return(yytext[0]); }
> -. { yyerror("unrecognized character"); return YYerror; }
> +. { yyerror("unrecognized character");
> +/* Available since bison 3.6, avoids duplicate error message */
> +#ifdef YYerror
> + return YYerror;
> +#else
> + return INVALID_CHAR;
> +#endif
> + }
> %%
> int yyerror(const char *msg)
> {
> --
> 2.43.0
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] checkpolicy: use YYerror only when available
2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
@ 2024-03-27 19:07 ` James Carter
0 siblings, 0 replies; 4+ messages in thread
From: James Carter @ 2024-03-27 19:07 UTC (permalink / raw
To: Christian Göttsche; +Cc: selinux
On Mon, Mar 25, 2024 at 1:13 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Fri, Mar 22, 2024 at 10:54 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > The special error value YYerror is only available since bison 3.6
> > (released 2020). For example the version used by oss-fuzz does not
> > support it.
> >
> > Use a special token in case YYerror is not available. Only downside is
> > a duplicate error message, one from the manual yyerror() call and one
> > from within bison for the unexpected special token (which would be
> > omitted by using YYerror).
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For these two patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>
These two patches have been merged.
Thanks,
Jim
> > ---
> > checkpolicy/policy_parse.y | 1 +
> > checkpolicy/policy_scan.l | 9 ++++++++-
> > 2 files changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
> > index e0103502..1b275ebc 100644
> > --- a/checkpolicy/policy_parse.y
> > +++ b/checkpolicy/policy_parse.y
> > @@ -153,6 +153,7 @@ typedef int (* require_func_t)(int pass);
> > %token FILESYSTEM
> > %token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
> > %token LOW_HIGH LOW HIGH GLBLUB
> > +%token INVALID_CHAR
> >
> > %left OR
> > %left XOR
> > diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
> > index 1926129c..c4d8e937 100644
> > --- a/checkpolicy/policy_scan.l
> > +++ b/checkpolicy/policy_scan.l
> > @@ -308,7 +308,14 @@ GLBLUB { return(GLBLUB); }
> > "]" |
> > "~" |
> > "*" { return(yytext[0]); }
> > -. { yyerror("unrecognized character"); return YYerror; }
> > +. { yyerror("unrecognized character");
> > +/* Available since bison 3.6, avoids duplicate error message */
> > +#ifdef YYerror
> > + return YYerror;
> > +#else
> > + return INVALID_CHAR;
> > +#endif
> > + }
> > %%
> > int yyerror(const char *msg)
> > {
> > --
> > 2.43.0
> >
> >
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-27 19:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-22 14:50 [PATCH 1/2] checkpolicy: use YYerror only when available Christian Göttsche
2024-03-22 14:50 ` [PATCH 2/2] checkpolicy: handle unprintable token Christian Göttsche
2024-03-25 17:13 ` [PATCH 1/2] checkpolicy: use YYerror only when available James Carter
2024-03-27 19:07 ` James Carter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).