[PATCH 0/5] Another round of secilc-fuzzer problems fixed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Patch 1 fixes the check for self-referential loops that didn't work in all cases
Patches 2 and 3 fix a couple of bugs
Patches 4 and 5 make it harder to create small policies that expand into large
policies that consume all of a system's memory.

James Carter (5):
  libsepol/cil: Properly check for loops in sets
  libsepol/cil: Fix syntax checking of defaultrange rule
  libsepol/cil: Check for empty list when marking neverallow attributes
  libsepol/cil: Reduce the initial symtab sizes for blocks
  libsepol/cil: Improve degenerate inheritance check

 libsepol/cil/src/cil.c             |   2 +-
 libsepol/cil/src/cil_build_ast.c   |   2 +-
 libsepol/cil/src/cil_internal.h    |   5 +-
 libsepol/cil/src/cil_post.c        |   4 +
 libsepol/cil/src/cil_resolve_ast.c | 229 +++++++++++++++++++----------
 libsepol/cil/src/cil_verify.c      |  48 ++++--
 6 files changed, 191 insertions(+), 99 deletions(-)

-- 
2.26.3




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux