libsepol/cil: Limit the number of active line marks

A line mark functions like an open parenthesis, so the number of active line marks should be limited like the number of open parenthesis. This issue was found by the secilc-fuzzer. Signed-off-by: James Carter <[email protected]> Acked-by: Nicolas Iooss <[email protected]>
SELinuxProject · Sep 8, 2021 · ff143e5 · ff143e5
1 parent d0b5ba0
commit ff143e5
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c
@@ -131,6 +131,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset
 		*current = (*current)->parent;
 	} else {
 		push_hll_info(stack, *hll_offset, *hll_expand);
+		if (cil_stack_number_of_items(stack) > CIL_PARSER_MAX_EXPR_DEPTH) {
+			cil_log(CIL_ERR, "Number of active line marks exceeds limit of %d\n", CIL_PARSER_MAX_EXPR_DEPTH);
+			goto exit;
+		}
 
 		create_node(&node, *current, tok.line, *hll_offset, NULL);
 		insert_node(node, *current);