The syntax array that cil_gen_defaultrange() called __cil_verify_syntax() with was wrong. It had the range (which should be low, high, or low-high) as optional when it is not. Use the correct syntax array to check the syntax of the defaultrange rule. Signed-off-by: James Carter <jwcart2@xxxxxxxxx> --- libsepol/cil/src/cil_build_ast.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 71f14e20..a5f617d8 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -5862,7 +5862,7 @@ int cil_gen_defaultrange(struct cil_tree_node *parse_current, struct cil_tree_no CIL_SYN_STRING, CIL_SYN_STRING | CIL_SYN_LIST, CIL_SYN_STRING, - CIL_SYN_STRING | CIL_SYN_END, + CIL_SYN_STRING, CIL_SYN_END }; int syntax_len = sizeof(syntax)/sizeof(*syntax); -- 2.26.3
