Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libsepol/cil: Fix syntax checking of defaultrange rule
When "glblub" was added as a default for the defaultrange rule, the syntax array was updated because the "glblub" default does not need to specify a range of "low", "high", or "low-high". Unfortunately, additional checking was not added for the "source" and "target" defaults to make sure they specified a range. This means that using the "source" or "target" defaults without specifying the range will result in a segfault. When the "source" or "target" defaults are used, check that the rule specifies a range as well. This bug was found by the secilc-fuzzer. Signed-off-by: James Carter <jwcart2@gmail.com> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
- Loading branch information