lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.1.00.0804222309250.14359@dragon.funnycrock.com>
Date:	Tue, 22 Apr 2008 23:12:27 +0200 (CEST)
From:	Jesper Juhl <jesper.juhl@...il.com>
To:	Roman Zippel <zippel@...ux-m68k.org>
cc:	linux-kernel@...r.kernel.org, Jesper Juhl <jesper.juhl@...il.com>
Subject: [PATCH] hfs: if match_strdup() fails to allocate memory in
 parse_options(), don't blow up the kernel.

From: Jesper Juhl <jesper.juhl@...il.com>

The Coverity checker spotted that we don't check the return value of 
match_strdup() in fs/hfs/super.c::parse_options().
This is bad since match_strdup() does a memory allocation internally 
which can fail. If it does fail it'll return NULL and in that case 
we'll pass the NULL pointer on to load_nls() which will eventually 
dereference it - Boom!
Much better to check the return value, fail gracefully and log an 
error message if this happens.
This happens in two different spots. I've made the error logged in 
each location unique so that it'll be obvious in bug reports later 
exactely which one of the two spots got hit (always nice to have 
grep'able error messages that point to a unique location in the 
source).


Signed-off-by: Jesper Juhl <jesper.juhl@...il.com>
---

 super.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/fs/hfs/super.c b/fs/hfs/super.c
index 32de44e..221e314 100644
--- a/fs/hfs/super.c
+++ b/fs/hfs/super.c
@@ -297,6 +297,10 @@ static int parse_options(char *options, struct hfs_sb_info *hsb)
 				return 0;
 			}
 			p = match_strdup(&args[0]);
+			if (!p) {
+				printk(KERN_ERR "hfs: mem alloc failed in match_strdup()\n");
+				return 0;
+			}
 			hsb->nls_disk = load_nls(p);
 			if (!hsb->nls_disk) {
 				printk(KERN_ERR "hfs: unable to load codepage \"%s\"\n", p);
@@ -311,6 +315,10 @@ static int parse_options(char *options, struct hfs_sb_info *hsb)
 				return 0;
 			}
 			p = match_strdup(&args[0]);
+			if (!p) {
+				printk(KERN_ERR "hfs: memory allocation failed in match_strdup()\n");
+				return 0;
+			}
 			hsb->nls_io = load_nls(p);
 			if (!hsb->nls_io) {
 				printk(KERN_ERR "hfs: unable to load iocharset \"%s\"\n", p);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ