| Message ID | 20210907195845.809083-2-jwcart2@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/2] libsepol/cil: Add function to get number of items in a stack | expand |
On Tue, Sep 7, 2021 at 9:58 PM James Carter <jwcart2@gmail.com> wrote: > > A line mark functions like an open parenthesis, so the number of > active line marks should be limited like the number of open > parenthesis. > > This issue was found by the secilc-fuzzer. > > Signed-off-by: James Carter <jwcart2@gmail.com> For both patches: Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org> Thanks, Nicolas > --- > libsepol/cil/src/cil_parser.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c > index a967b9ed..5375d49a 100644 > --- a/libsepol/cil/src/cil_parser.c > +++ b/libsepol/cil/src/cil_parser.c > @@ -131,6 +131,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset > *current = (*current)->parent; > } else { > push_hll_info(stack, *hll_offset, *hll_expand); > + if (cil_stack_number_of_items(stack) > CIL_PARSER_MAX_EXPR_DEPTH) { > + cil_log(CIL_ERR, "Number of active line marks exceeds limit of %d\n", CIL_PARSER_MAX_EXPR_DEPTH); > + goto exit; > + } > > create_node(&node, *current, tok.line, *hll_offset, NULL); > insert_node(node, *current); > -- > 2.31.1 >
diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index a967b9ed..5375d49a 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -131,6 +131,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset *current = (*current)->parent; } else { push_hll_info(stack, *hll_offset, *hll_expand); + if (cil_stack_number_of_items(stack) > CIL_PARSER_MAX_EXPR_DEPTH) { + cil_log(CIL_ERR, "Number of active line marks exceeds limit of %d\n", CIL_PARSER_MAX_EXPR_DEPTH); + goto exit; + } create_node(&node, *current, tok.line, *hll_offset, NULL); insert_node(node, *current);
A line mark functions like an open parenthesis, so the number of active line marks should be limited like the number of open parenthesis. This issue was found by the secilc-fuzzer. Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/cil/src/cil_parser.c | 4 ++++ 1 file changed, 4 insertions(+)