[0/5,v2] Another round of secilc-fuzzer problems fixed

Message ID 20210621191833.282874-1-jwcart2@gmail.com (mailing list archive)

Message

James Carter June 21, 2021, 7:18 p.m. UTC
Patch 1 fixes the check for self-referential loops that didn't work in all cases
Patches 2 and 3 fix a couple of bugs
Patches 4 and 5 make it harder to create small policies that expand into large
policies that consume all of a system's memory.

Only patches 2 and 5 are changed in v2.

James Carter (5):
  libsepol/cil: Properly check for loops in sets
  libsepol/cil: Fix syntax checking of defaultrange rule
  libsepol/cil: Check for empty list when marking neverallow attributes
  libsepol/cil: Reduce the initial symtab sizes for blocks
  libsepol/cil: Improve degenerate inheritance check

 libsepol/cil/src/cil.c             |   2 +-
 libsepol/cil/src/cil_build_ast.c   |  10 ++
 libsepol/cil/src/cil_internal.h    |   5 +-
 libsepol/cil/src/cil_post.c        |   4 +
 libsepol/cil/src/cil_resolve_ast.c | 226 +++++++++++++++++++----------
 libsepol/cil/src/cil_verify.c      |  48 ++++--
 6 files changed, 198 insertions(+), 97 deletions(-)

Comments

Nicolas Iooss June 23, 2021, 7:32 p.m. UTC | #1
On Mon, Jun 21, 2021 at 9:18 PM James Carter <jwcart2@gmail.com> wrote:
>
> Patch 1 fixes the check for self-referential loops that didn't work in all cases
> Patches 2 and 3 fix a couple of bugs
> Patches 4 and 5 make it harder to create small policies that expand into large
> policies that consume all of a system's memory.
>
> Only patches 2 and 5 are changed in v2.
>
> James Carter (5):
>   libsepol/cil: Properly check for loops in sets
>   libsepol/cil: Fix syntax checking of defaultrange rule
>   libsepol/cil: Check for empty list when marking neverallow attributes
>   libsepol/cil: Reduce the initial symtab sizes for blocks
>   libsepol/cil: Improve degenerate inheritance check
>
>  libsepol/cil/src/cil.c             |   2 +-
>  libsepol/cil/src/cil_build_ast.c   |  10 ++
>  libsepol/cil/src/cil_internal.h    |   5 +-
>  libsepol/cil/src/cil_post.c        |   4 +
>  libsepol/cil/src/cil_resolve_ast.c | 226 +++++++++++++++++++----------
>  libsepol/cil/src/cil_verify.c      |  48 ++++--
>  6 files changed, 198 insertions(+), 97 deletions(-)
>
> --
> 2.26.3

Hello,

These patches look good to me:

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Thanks!
Nicolas

James Carter June 24, 2021, 2:30 p.m. UTC | #2
On Wed, Jun 23, 2021 at 3:32 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Mon, Jun 21, 2021 at 9:18 PM James Carter <jwcart2@gmail.com> wrote:
> >
> > Patch 1 fixes the check for self-referential loops that didn't work in all cases
> > Patches 2 and 3 fix a couple of bugs
> > Patches 4 and 5 make it harder to create small policies that expand into large
> > policies that consume all of a system's memory.
> >
> > Only patches 2 and 5 are changed in v2.
> >
> > James Carter (5):
> >   libsepol/cil: Properly check for loops in sets
> >   libsepol/cil: Fix syntax checking of defaultrange rule
> >   libsepol/cil: Check for empty list when marking neverallow attributes
> >   libsepol/cil: Reduce the initial symtab sizes for blocks
> >   libsepol/cil: Improve degenerate inheritance check
> >
> >  libsepol/cil/src/cil.c             |   2 +-
> >  libsepol/cil/src/cil_build_ast.c   |  10 ++
> >  libsepol/cil/src/cil_internal.h    |   5 +-
> >  libsepol/cil/src/cil_post.c        |   4 +
> >  libsepol/cil/src/cil_resolve_ast.c | 226 +++++++++++++++++++----------
> >  libsepol/cil/src/cil_verify.c      |  48 ++++--
> >  6 files changed, 198 insertions(+), 97 deletions(-)
> >
> > --
> > 2.26.3
>
> Hello,
>
> These patches look good to me:
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>

This series has been merged.
Jim

> Thanks!
> Nicolas
>