Message ID | 20200120192210.6370-1-lucas.de.marchi@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | libkmod: reset was_space on second pass | expand |
On Mon, Jan 20, 2020 at 4:22 PM Lucas De Marchi <lucas.de.marchi@gmail.com> wrote: > > From: Lucas De Marchi <lucas.demarchi@intel.com> > > The softdep config parser uses a 2-pass approach to use a single > allocation for all the softdep struct. However "was_space" variable > isn't reset between them. This can lead to a buffer overflow. > > Reported-by: Jorge Lucangeli Obes <jorgelo@google.com> > Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com > --- Applied, Lucas De Marchi > libkmod/libkmod-config.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c > index aaac0a1..7b62367 100644 > --- a/libkmod/libkmod-config.c > +++ b/libkmod/libkmod-config.c > @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config, > n_pre = 0; > n_post = 0; > mode = S_NONE; > + was_space = false; > for (p = s = line; ; s++) { > size_t plen; > > -- > 2.24.1 >
Thanks! On Mon, Jan 27, 2020 at 8:46 AM Lucas De Marchi <lucas.de.marchi@gmail.com> wrote: > > On Mon, Jan 20, 2020 at 4:22 PM Lucas De Marchi > <lucas.de.marchi@gmail.com> wrote: > > > > From: Lucas De Marchi <lucas.demarchi@intel.com> > > > > The softdep config parser uses a 2-pass approach to use a single > > allocation for all the softdep struct. However "was_space" variable > > isn't reset between them. This can lead to a buffer overflow. > > > > Reported-by: Jorge Lucangeli Obes <jorgelo@google.com> > > Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com > > --- > > Applied, > > Lucas De Marchi > > > libkmod/libkmod-config.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c > > index aaac0a1..7b62367 100644 > > --- a/libkmod/libkmod-config.c > > +++ b/libkmod/libkmod-config.c > > @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config, > > n_pre = 0; > > n_post = 0; > > mode = S_NONE; > > + was_space = false; > > for (p = s = line; ; s++) { > > size_t plen; > > > > -- > > 2.24.1 > > > > > -- > Lucas De Marchi
diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c index aaac0a1..7b62367 100644 --- a/libkmod/libkmod-config.c +++ b/libkmod/libkmod-config.c @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config, n_pre = 0; n_post = 0; mode = S_NONE; + was_space = false; for (p = s = line; ; s++) { size_t plen;
From: Lucas De Marchi <lucas.demarchi@intel.com> The softdep config parser uses a 2-pass approach to use a single allocation for all the softdep struct. However "was_space" variable isn't reset between them. This can lead to a buffer overflow. Reported-by: Jorge Lucangeli Obes <jorgelo@google.com> Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com --- libkmod/libkmod-config.c | 1 + 1 file changed, 1 insertion(+)