On Tue, Sep 7, 2021 at 9:58 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > A line mark functions like an open parenthesis, so the number of > active line marks should be limited like the number of open > parenthesis. > > This issue was found by the secilc-fuzzer. > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> For both patches: Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> Thanks, Nicolas > --- > libsepol/cil/src/cil_parser.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c > index a967b9ed..5375d49a 100644 > --- a/libsepol/cil/src/cil_parser.c > +++ b/libsepol/cil/src/cil_parser.c > @@ -131,6 +131,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset > *current = (*current)->parent; > } else { > push_hll_info(stack, *hll_offset, *hll_expand); > + if (cil_stack_number_of_items(stack) > CIL_PARSER_MAX_EXPR_DEPTH) { > + cil_log(CIL_ERR, "Number of active line marks exceeds limit of %d\n", CIL_PARSER_MAX_EXPR_DEPTH); > + goto exit; > + } > > create_node(&node, *current, tok.line, *hll_offset, NULL); > insert_node(node, *current); > -- > 2.31.1 >
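Review bot: In the else branch of add_hll_linemark(), the depth check runs after push_hll_info(stack, *hll_offset, *hll_expand), so the entry that exceeds the limit is already on the stack when the function jumps to exit. Consider testing cil_stack_number_of_items(stack) >= CIL_PARSER_MAX_EXPR_DEPTH before the push, or confirm that the error path frees everything left on the stack. The new branch also sets no return code before "goto exit", so it depends on the exit label returning an error, which is not visible in this hunk and is worth verifying. Finally, the log message prints CIL_PARSER_MAX_EXPR_DEPTH with %d; check that this matches the type of the constant.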