Fix the test to prevent overflowing the stack buffer for
boolean expressions.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
libsepol/cil/src/cil_tree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c
index 2abbb96c..1b04fe68 100644
--- a/libsepol/cil/src/cil_tree.c
+++ b/libsepol/cil/src/cil_tree.c
@@ -339,7 +339,7 @@ static int cil_expr_to_string(struct cil_list *expr, char **out)
int pos = 0;
cil_list_for_each(curr, expr) {
- if (pos > COND_EXPR_MAXDEPTH) {
+ if (pos >= COND_EXPR_MAXDEPTH) {
rc = SEPOL_ERR;
goto exit;
}
--
2.14.3
