On Thu, Sep 3, 2020 at 2:19 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > CIL was not correctly determining the depth of constraint expressions > which prevented it from giving an error when the max depth was exceeded. > This allowed invalid policy binaries with constraint expressions exceeding > the max depth to be created. > > Correctly calculate the depth of constraint expressions when building > the AST and give an error when the max depth is exceeded. > > Reported-by: Jonathan Hettwer <j2468h@xxxxxxxxx> > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> The fix for conditional boolean expression depth checking can be a separate patch. For this one, Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
