From owner-p4-projects@FreeBSD.ORG  Wed May 28 08:27:23 2003
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id B5C8B37B404; Wed, 28 May 2003 08:27:22 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4F54137B401
	for <perforce@freebsd.org>; Wed, 28 May 2003 08:27:22 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9F4DD43F75
	for <perforce@freebsd.org>; Wed, 28 May 2003 08:27:21 -0700 (PDT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h4SFRL0U027593
	for <perforce@freebsd.org>; Wed, 28 May 2003 08:27:21 -0700 (PDT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h4SFRLmc027590
	for perforce@freebsd.org; Wed, 28 May 2003 08:27:21 -0700 (PDT)
Date: Wed, 28 May 2003 08:27:21 -0700 (PDT)
Message-Id: <200305281527.h4SFRLmc027590@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 31981 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 May 2003 15:27:23 -0000

http://perforce.freebsd.org/chv.cgi?CH=31981

Change 31981 by rwatson@rwatson_tislabs on 2003/05/28 08:26:27

	Re-work MLS label parsing:
		- Comments are good.
		- Avoid pointer arithmetic when possible.
		- Rename variables to be more clear about what they do
		- Avoid combining assignments, comparisons, and unary
		  operators.
	
	The same changes should be applied to Biba as well.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#164 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#164 (text+ko) ====

@@ -639,8 +639,8 @@
 static int
 mac_mls_parse_element(struct mac_mls_element *element, char *string)
 {
-	char *p, *tp, *np;
-	int crange, d, i;
+	char *compartment, *end, *level;
+	int i, inset, setbase, value;
 
 	if (strcmp(string, "high") == 0 ||
 	    strcmp(string, "hi") == 0) {
@@ -656,39 +656,69 @@
 		element->mme_level = MAC_MLS_TYPE_UNDEF;
 
 	} else {
-		d = strtol(string, &p, 10);
-		if (d < 0 || d > 65535)
+		element->mme_type = MAC_MLS_TYPE_LEVEL;
+
+		/*
+		 * Numeric level piece of the element.
+		 */
+		level = strsep(&string, ":");
+		value = strtol(level, &end, 10);
+		if (end == level || *end != '\0')
+			return (EINVAL);
+		if (value < 0 || value > 65535)
 			return (EINVAL);
+		element->mme_level = value;
 
-		element->mme_type = MAC_MLS_TYPE_LEVEL;
-		element->mme_level = d;
-
-		if (p == string || *p == '\0')
+		/*
+		 * Optional compartment piece of the element.  If none
+		 * are included, we assume that the label has no
+		 * compartments.
+		 */
+		if (string == NULL)
 			return (0);
-		if (*p != ':')
-			return (EINVAL);
-		np = ++p;
-		if (np == NULL || *np == '\0')
+		if (*string == '\0')
 			return (0);
-		crange = d = 0;
-		while ((tp = strsep(&np, "+")) != NULL) {
-			d = strtol(tp, &p, 10);
-			if (*p != '\0' || d < 1 ||
-			    d > MAC_MLS_MAX_COMPARTMENTS || crange >= d)
+
+		/*
+		 * Because we support a notation that accepts 'X++Y' for a
+		 * set of continuous compartment values, we must keep track
+		 * of the most recent possible start value.  Initialize the
+		 * tracking to (-1) to indicate that we don't have a base
+		 * for the set yet.
+		 */
+		setbase = -1;
+		inset = 0;
+		while ((compartment = strsep(&string, "+")) != NULL) {
+			if (*compartment == '\0') {
+				/* No base yet. */
+				if (setbase == -1)
+					return (EINVAL);
+				/* Already in set. */
+				if (inset != 0)
+					return (EINVAL);
+				inset = 1;
+				continue;
+			}
+			/*
+			 * An actual entry in the list, possible following
+			 * a continuous compartment set.
+			 */
+			value = strtol(compartment, &end, 10);
+			if (compartment == end || *end != '\0')
+				return (EINVAL);
+			if (value < 1 || value > MAC_MLS_MAX_COMPARTMENTS)
 				return (EINVAL);
-			if (crange > 0) {
-				for (i = crange; i <= d; i++)
+			if (inset) {
+				for (i = setbase; i <= value; i++) {
 					MAC_MLS_BIT_SET(i,
 					    element->mme_compartments);
-				crange = 0;
-			}
-			if (np != NULL && *np == '+') {
-				++np;
-				crange = d;
+				}
+				inset = 0;
 			} else
-				MAC_MLS_BIT_SET(d, element->mme_compartments);
+				MAC_MLS_BIT_SET(value,
+				    element->mme_compartments);
+			setbase = value;
 		}
-
 	}
 	return (0);
 }