selinux/libsepol
Christian Göttsche b1b3467a47 libsepol: reject avtab entries with invalid specifier
Neverallow avtab entries are not supported (normal and extended). Reject
them to avoid lookup confusions via avtab_search(), e.g. when searching
for an invalid key of AVTAB_TRANSITION|AVTAB_NEVERALLOW and the result of
only AVTAB_NEVERALLOW has no transition value.

Simplify the check for the number of specifiers by using the compiler
popcount builtin (already used in libsepol).

Reported-by: oss-fuzz (issue 60568), caused at the time by the filetrans
             prefix proposal
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2023-11-07 16:27:22 -05:00
cil libsepol/cil: Add cil_write_post_ast function 2023-08-16 13:34:09 -04:00
fuzz libsepol/fuzz: more strict fuzzing of binary policies 2023-07-12 13:01:15 -04:00
include libsepol: Changes to ebitmap.h to fix compiler warnings 2023-08-16 13:33:48 -04:00
man Do not automatically install Russian translations 2023-08-16 13:33:47 -04:00
src libsepol: reject avtab entries with invalid specifier 2023-11-07 16:27:22 -05:00
tests libsepol/tests: rename bool identifiers 2023-05-03 09:15:20 -04:00
utils libsepol/utils: improve wording 2022-07-06 15:57:24 -04:00
.gitignore
LICENSE docs: provide a top level LICENSE file 2022-10-05 08:20:38 -04:00
Makefile
VERSION Update VERSIONs to 3.5 for release. 2023-02-23 05:16:11 -08:00