RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-02 19:52:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol/cil: Limit the number of open parenthesis allowed

Browse Source 
When parsing a CIL policy, the number of open parenthesis is tracked
to verify that each has a matching close parenthesis. If there are
too many open parenthesis, a stack overflow could occur during later
processing.

Exit with an error if the number of open parenthesis exceeds 4096
(which should be enough for any policy.)

This bug was found by the secilc-fuzzer.

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2021-05-13 12:37:59 -04:00
parent 29d6a3ee4a
commit 69fc31d1fb
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libsepol/cil/src/cil_parser.c
View File

@ -42,6 +42,8 @@
#include "cil_strpool.h"
#include "cil_stack.h"
#define CIL_PARSER_MAX_EXPR_DEPTH (0x1 << 12)
char *CIL_KEY_HLL_LMS;
char *CIL_KEY_HLL_LMX;
char *CIL_KEY_HLL_LME;
@ -245,7 +247,10 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree *
break;
case OPAREN:
paren_count++;
if (paren_count > CIL_PARSER_MAX_EXPR_DEPTH) {
cil_log(CIL_ERR, "Number of open parenthesis exceeds limit of %d at line %d of %s\n", CIL_PARSER_MAX_EXPR_DEPTH, tok.line, path);
goto exit;
}
create_node(&node, current, tok.line, hll_lineno, NULL);
insert_node(node, current);
current = node;