Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
libsepol/cil: Limit the number of open parenthesis allowed
When parsing a CIL policy, the number of open parenthesis is tracked to verify that each has a matching close parenthesis. If there are too many open parenthesis, a stack overflow could occur during later processing. Exit with an error if the number of open parenthesis exceeds 4096 (which should be enough for any policy.) This bug was found by the secilc-fuzzer. Signed-off-by: James Carter <jwcart2@gmail.com>
- Loading branch information