[31319] in CVS-changelog-for-Kerberos-V5


krb5 commit: Fix recently-introduced profile parsing bugs

daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue May 28 16:48:29 2024

From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20240528204824.A0154101A21@krbdev.mit.edu>
Date: Tue, 28 May 2024 16:48:24 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/e85e30234f0e0e250a00e5f3468bb7311a7d3fb2
commit e85e30234f0e0e250a00e5f3468bb7311a7d3fb2
Author: Greg Hudson <ghudson@mit.edu>
Date:   Tue May 21 19:10:50 2024 -0400

    Fix recently-introduced profile parsing bugs
    
    When parsing a "}", do not ascend to the parent node if we are still
    within a discarded section after decrementing group_level, as we did
    not descend into a child node at the beginning of the subsection.
    (Discovered by OSS-Fuzz.)
    
    Also adjust the level check to take into account the shifted meaning
    of state->group_level, so that we properly reject a "}" within a
    top-level section.
    
    Both bugs were introduced in commit
    f951625e6bd3ff44f1056958b56e35a1a043e362.

 src/util/profile/final6.ini   |  7 +++++++
 src/util/profile/prof_parse.c | 14 +++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/util/profile/final6.ini b/src/util/profile/final6.ini
index c1e44b747..0035c474e 100644
--- a/src/util/profile/final6.ini
+++ b/src/util/profile/final6.ini
@@ -25,6 +25,13 @@
 	bb = {
 		bba = 2
 	}
+	# Regression test for a bug where each subsection within a
+	# discarded section caused the parser to ascend into the
+	# parent node without descending into a child node first.
+	bb = {
+	}
+	bb = {
+	}
 
 [c]
 	ca* = {
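Review bot: the new comment describes the bug but not what makes these two `bb = {` `}` subsections discarded; from the hunk alone, the preceding `bb = { bba = 2 }` is not visibly final, so a reader cannot tell why the later definitions are dropped rather than merged. Consider extending the comment to name the earlier definition in this section that triggers the discard, so the test keeps exercising the intended path if that definition is ever edited. It would also help to state that this input previously crashed (or corrupted the node tree) on the second `}`, since the file is a pure input with no visible assertion of its own.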
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index c581fb722..2e329de4e 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -124,18 +124,22 @@ static errcode_t parse_std_line(char *line, struct parse_state *state)
         return 0;
     }
     if (ch == '}') {
-        if (state->group_level == 0)
+        if (state->group_level < 2)
             return PROF_EXTRA_CBRACE;
         if (*(cp+1) == '*')
             profile_make_node_final(state->current_section);
-        retval = profile_get_node_parent(state->current_section,
-                                         &state->current_section);
-        if (retval)
-            return retval;
         state->group_level--;
         /* Check if we are done discarding values from a subsection. */
         if (state->group_level < state->discard)
             state->discard = 0;
+        /* Ascend to the current node's parent, unless the subsection we ended
+         * was discarded (in which case we never descended). */
+        if (!state->discard) {
+            retval = profile_get_node_parent(state->current_section,
+                                             &state->current_section);
+            if (retval)
+                return retval;
+        }
         return 0;
     }
     /*
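Review bot: the `*` handling near the top of the hunk still runs before the discard check, so `profile_make_node_final(state->current_section)` is applied while `state->discard` may be nonzero; in that case the parser never descended, `current_section` is the enclosing node, and a `}*` closing a discarded subsection would mark the enclosing node final. Consider guarding that call the same way the parent ascent is now guarded, e.g. `if (!state->discard && *(cp+1) == '*')` evaluated before `state->group_level--`. Separately, the new `state->group_level < 2` threshold encodes the shifted meaning of `group_level` that only the commit message explains; a one-line comment at the check (that a top-level section already counts as level 1, so a `}` is only legal at level 2 or deeper) would keep that invariant visible in the code.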
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
