These patches are all related by the fact that the secilc-fuzzer identified the bugs that led to them. Wherever possible I have tried to fix all of the issues related to the specific one found. James Carter (5): libsepol/cil: Fix instances where an error returns SEPOL_OK libsepol/cil: Detect degenerate inheritance and exit with an error libsepol/cil: Check datum in ordered list for expected flavor libsepol/cil: Check for self-referential loops in sets libsepol/cil: Return an error if a call argument fails to resolve libsepol/cil/src/cil_build_ast.c | 3 + libsepol/cil/src/cil_internal.h | 2 + libsepol/cil/src/cil_resolve_ast.c | 107 ++++++++++++++++++++--------- libsepol/cil/src/cil_verify.c | 97 ++++++++++++++++++-------- libsepol/cil/src/cil_verify.h | 1 - 5 files changed, 151 insertions(+), 59 deletions(-) -- 2.26.3
