PERFORCE change 31981 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=31981

Change 31981 by rwatson at rwatson_tislabs on 2003/05/28 08:26:27

	Re-work MLS label parsing:
		- Comments are good.
		- Avoid pointer arithmetic when possible.
		- Rename variables to be more clear about what they do
		- Avoid combining assignments, comparisons, and unary
		  operators.
	
	The same changes should be applied to Biba as well.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#164 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#164 (text+ko) ====

@@ -639,8 +639,8 @@
 static int
 mac_mls_parse_element(struct mac_mls_element *element, char *string)
 {
-	char *p, *tp, *np;
-	int crange, d, i;
+	char *compartment, *end, *level;
+	int i, inset, setbase, value;
 
 	if (strcmp(string, "high") == 0 ||
 	    strcmp(string, "hi") == 0) {
@@ -656,39 +656,69 @@
 		element->mme_level = MAC_MLS_TYPE_UNDEF;
 
 	} else {
-		d = strtol(string, &p, 10);
-		if (d < 0 || d > 65535)
+		element->mme_type = MAC_MLS_TYPE_LEVEL;
+
+		/*
+		 * Numeric level piece of the element.
+		 */
+		level = strsep(&string, ":");
+		value = strtol(level, &end, 10);
+		if (end == level || *end != '\0')
+			return (EINVAL);
+		if (value < 0 || value > 65535)
 			return (EINVAL);
+		element->mme_level = value;
 
-		element->mme_type = MAC_MLS_TYPE_LEVEL;
-		element->mme_level = d;
-
-		if (p == string || *p == '\0')
+		/*
+		 * Optional compartment piece of the element.  If none
+		 * are included, we assume that the label has no
+		 * compartments.
+		 */
+		if (string == NULL)
 			return (0);
-		if (*p != ':')
-			return (EINVAL);
-		np = ++p;
-		if (np == NULL || *np == '\0')
+		if (*string == '\0')
 			return (0);
-		crange = d = 0;
-		while ((tp = strsep(&np, "+")) != NULL) {
-			d = strtol(tp, &p, 10);
-			if (*p != '\0' || d < 1 ||
-			    d > MAC_MLS_MAX_COMPARTMENTS || crange >= d)
+
+		/*
+		 * Because we support a notation that accepts 'X++Y' for a
+		 * set of continuous compartment values, we must keep track
+		 * of the most recent possible start value.  Initialize the
+		 * tracking to (-1) to indicate that we don't have a base
+		 * for the set yet.
+		 */
+		setbase = -1;
+		inset = 0;
+		while ((compartment = strsep(&string, "+")) != NULL) {
+			if (*compartment == '\0') {
+				/* No base yet. */
+				if (setbase == -1)
+					return (EINVAL);
+				/* Already in set. */
+				if (inset != 0)
+					return (EINVAL);
+				inset = 1;
+				continue;
+			}
+			/*
+			 * An actual entry in the list, possible following
+			 * a continuous compartment set.
+			 */
+			value = strtol(compartment, &end, 10);
+			if (compartment == end || *end != '\0')
+				return (EINVAL);
+			if (value < 1 || value > MAC_MLS_MAX_COMPARTMENTS)
 				return (EINVAL);
-			if (crange > 0) {
-				for (i = crange; i <= d; i++)
+			if (inset) {
+				for (i = setbase; i <= value; i++) {
 					MAC_MLS_BIT_SET(i,
 					    element->mme_compartments);
-				crange = 0;
-			}
-			if (np != NULL && *np == '+') {
-				++np;
-				crange = d;
+				}
+				inset = 0;
 			} else
-				MAC_MLS_BIT_SET(d, element->mme_compartments);
+				MAC_MLS_BIT_SET(value,
+				    element->mme_compartments);
+			setbase = value;
 		}
-
 	}
 	return (0);
 }
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message