On Sat, May 1, 2021 at 10:33 AM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote: > > On Wed, Apr 28, 2021 at 10:18 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > The secilc-fuzzer found a self-referential loop using category sets. > > Any set declaration in CIL that allows sets in it is susceptible to > > the creation of a self-referential loop. There is a check, but only > > for the name of the set being declared being used in the set > > declaration. > > > > Check for self-refential loops in user, role, and type attributes > > and in category sets. Since all of the sets need to be declared, > > this check has to be done when verifying the CIL db before doing > > the post phase. > > > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > --- > > libsepol/cil/src/cil_resolve_ast.c | 31 +--------- > > libsepol/cil/src/cil_verify.c | 97 +++++++++++++++++++++--------- > > libsepol/cil/src/cil_verify.h | 1 - > > 3 files changed, 71 insertions(+), 58 deletions(-) > > > [...] > > diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c > > index 5a37dd2f..4c860a21 100644 > > --- a/libsepol/cil/src/cil_verify.c > > +++ b/libsepol/cil/src/cil_verify.c > > @@ -430,28 +430,71 @@ int cil_verify_decl_does_not_shadow_macro_parameter(struct cil_macro *macro, str > > return SEPOL_OK; > > } > > > > -int cil_verify_no_self_reference(struct cil_symtab_datum *datum, struct cil_list *datum_list) > > +int cil_verify_no_self_reference(enum cil_flavor flavor, struct cil_symtab_datum *datum, struct cil_symtab_datum *orig); > > Hello, > Your patches look fine. Nevertheless it would be cleaner if this > function was declared "static", as it is not used outside of > cil_verify.c. This is a suggestion which is not blocking any merge, so > if you prefer to merge the patches directly, feel free to do so. > > Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > I like your suggestion better. Thanks, Jim > And thanks for working on fixing issues identified by OSS-Fuzz! > Nicolas >
