lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 22 Jul 2008 14:19:45 +0400
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	mingo@...e.hu, hpa@...or.com, tglx@...utronix.de,
	andi@...stfloor.org, linux-kernel@...r.kernel.org,
	linux-acpi@...r.kernel.org
Subject: Re: [patch 1/5] x86: ACPI - add checking for NULL early param

[Andrew Morton - Tue, Jul 22, 2008 at 02:53:32AM -0700]
| On Sat, 05 Jul 2008 15:53:35 +0400 Cyrill Gorcunov <gorcunov@...il.com> wrote:
| 
| > Signed-off-by: Cyrill Gorcunov <gorcunov@...il.com>
| > ---
| > 
| > Index: linux-2.6.git/drivers/acpi/tables.c
| > ====================================================================
| > --- linux-2.6.git.orig/drivers/acpi/tables.c	2008-01-21 23:14:47.000000000 +0300
| > +++ linux-2.6.git/drivers/acpi/tables.c	2008-07-05 12:24:16.000000000 +0400
| > @@ -300,6 +300,8 @@ int __init acpi_table_init(void)
| >  
| >  static int __init acpi_parse_apic_instance(char *str)
| >  {
| > +	if (!str)
| > +		return -EINVAL;
| >  
| >  	acpi_apic_instance = simple_strtoul(str, NULL, 0);
| >  
| 
| Could you please explain this patch?
| 

we could get NULL deref here - if you start kernel as

	qemu-system-x86_64 -kernel arch/x86/boot/bzImage -append "root=/dev/sda acpi_apic_instance" ../images/root-j

so user was not carried about correct boot option and the kernel respond by
hang - which is not good I think. Actually - by the patch we easy protect
ourself from user-madness :)

		- Cyrill -
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ