Ensure the ibendport port is not 0 (similar to the kernel). More general depth test for boolean expressions. Ensure the boolean id is not set for logic operators.

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/src/policydb_validate.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index b20ed579..d04f6bcd 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -1002,13 +1002,15 @@ static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
 case COND_BOOL:
 if (validate_value(expr->boolean, boolean))
 goto bad;
- if (depth == (COND_EXPR_MAXDEPTH - 1))
+ if (depth >= (COND_EXPR_MAXDEPTH - 1))
 goto bad;
 depth++;
 break;
 case COND_NOT:
 if (depth < 0)
 goto bad;
+ if (expr->boolean != 0)
+ goto bad;
 break;
 case COND_OR:
 case COND_AND:
@@ -1017,6 +1019,8 @@ static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
 case COND_NEQ:
 if (depth < 1)
 goto bad;
+ if (expr->boolean != 0)
+ goto bad;
 depth--;
 break;
 default:
@@ -1203,6 +1207,8 @@ static int validate_ocontexts(sepol_handle_t *handle, const policydb_t *p, valid
 goto bad;
 break;
 case OCON_IBENDPORT:
+ if (octx->u.ibendport.port == 0)
+ goto bad;
 if (!octx->u.ibendport.dev_name)
 goto bad;
 break;
-- 
2.42.0
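Review bot: The new `expr->boolean != 0` rejection in the COND_NOT case is stricter than the kernel, which to my knowledge only range-checks the boolean id on every node regardless of type, so it silently assumes every policy writer zeroes that field on operator nodes; a binary policy that loaded fine before but carries a stale id on an operator node will now fail libsepol validation while still being accepted by the kernel. That invariant deserves a comment at the new check, e.g. `/* operator nodes carry no boolean id; a non-zero value means the expression is malformed */`, and ideally a note in the commit message that this is intentionally stricter than the kernel. The `>=` change to the depth test is fine, but it only makes sense if `depth` is a signed type (the `< 0` test below relies on that too); its declaration is outside the hunk, so please confirm. validate_cond_expr starts and ends outside this hunk.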
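Review bot: The `expr->boolean != 0` check is now duplicated verbatim in the COND_NOT case and again here for the binary operators, which invites the two copies to drift; since every node type other than COND_BOOL must have a zero id, it reads cleaner as a single guard ahead of the switch, `if (expr->expr_type != COND_BOOL && expr->boolean != 0) goto bad;`, leaving the per-case code to deal only with stack depth. The cases between COND_AND and COND_NEQ, and the start of the switch, are outside the hunk, so check that none of them expects a non-zero id before hoisting. validate_cond_expr starts and ends outside this hunk.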
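Review bot: The adjacent dev_name check still accepts an empty string, which the kernel rejects when reading an OCON_IBENDPORT entry (its string reader refuses a zero length), so a policy passing this validation can still be refused at load time; the two lines could become `if (!octx->u.ibendport.dev_name || !*octx->u.ibendport.dev_name) goto bad;`. If I recall correctly the kernel also caps the device name at 63 bytes and rejects a port above 0xff; the former is worth mirroring here for policies built in memory rather than read from disk, and the latter only matters if `port` is wider than uint8_t in this struct, which is not visible in the hunk. validate_ocontexts starts and ends outside this hunk.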