lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 Jul 2018 11:19:49 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Taeung Song <treeze.taeung@...il.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] tools/bpftool: Fix segfault case regarding 'pin'
 arguments

On Wed, 18 Jul 2018 22:35:26 +0900, Taeung Song wrote:
> Arguments of 'pin' subcommand should be checked
> at the very beginning of do_pin_any().
> Otherwise segfault errors can occur when using
> 'map pin' or 'prog pin' commands, so fix it.
> 
>   # bpftool prog pin id
>   Segmentation fault
> 
> Fixes: 71bb428fe2c1 ("tools: bpf: add bpftool")
> Cc: Jakub Kicinski <jakub.kicinski@...ronome.com>
> Reported-by: Taehee Yoo <ap420073@...il.com>
> Signed-off-by: Taeung Song <treeze.taeung@...il.com>
> ---
>  tools/bpf/bpftool/common.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
> index 32f9e397a6c0..b1e1ba9e1c90 100644
> --- a/tools/bpf/bpftool/common.c
> +++ b/tools/bpf/bpftool/common.c
> @@ -217,6 +217,14 @@ int do_pin_any(int argc, char **argv, int (*get_fd_by_id)(__u32))
>  	int err;
>  	int fd;
>  
> +	if (argc < 3) {
> +		p_err("too few arguments, id PROG_ID and FILE path is required");

Thanks for the fix!  You can't say PROG_ID here, because this function
is also called by bpftool map pin id X.  How about s/PROG_ID/ID/ ?

> +		return -1;
> +	} else if (argc > 3) {
> +		p_err("too many arguments");
> +		return -1;
> +	}
> +
>  	if (!is_prefix(*argv, "id")) {
>  		p_err("expected 'id' got %s", *argv);
>  		return -1;
> @@ -230,9 +238,6 @@ int do_pin_any(int argc, char **argv, int (*get_fd_by_id)(__u32))
>  	}
>  	NEXT_ARG();
>  
> -	if (argc != 1)
> -		usage();
> -
>  	fd = get_fd_by_id(id);
>  	if (fd < 0) {
>  		p_err("can't get prog by id (%u): %s", id, strerror(errno));

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ