Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libsepol: validate access vector permissions
Since commit c205b92 ("libsepol: Fix buffer overflow when using sepol_av_to_string()") writing an access vector with no valid permission results in an error instead of an empty string being written. Validate that at least one permission of an access vector is valid. There might be invalid bits set, e.g. by previous versions of checkpolicy setting all bits for the wildcard (*) permission. Reported-by: oss-fuzz (issue 67730) Signed-off-by: Christian Göttsche <[email protected]> Acked-by: James Carter <[email protected]>
- Loading branch information