On Thu, Sep 10, 2020 at 8:37 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Wed, Sep 9, 2020 at 4:58 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > CIL was not correctly determining the depth of conditional expressions > > which prevented it from giving an error when the max depth was exceeded. > > This allowed invalid policy binaries to be created. > > > > Validate the conditional expression using the same logic that is used > > when evaluating a conditional expression. This includes checking the > > depth of the expression. > > > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> Applied.
