lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <AANLkTik2jL_wXDydNiH-r-RUcxRDYUEY30maPhkS94o9@mail.gmail.com>
Date:	Wed, 10 Nov 2010 12:25:47 +0800
From:	jovi zhang <bookjovi@...il.com>
To:	Jason Wessel <jason.wessel@...driver.com>,
	Martin Hicks <mort@....com>, Dmitry Torokhov <dtor@...l.ru>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Rusty Russell <rusty@...tcorp.com.au>,
	kgdb-bugreport@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Subject: [PATCH] kdb: fix kernel fault when register kdb debug command exceeds KDB_BASE_CMD_MAX

If we register kdb debug command numbers exceeds KDB_BASE_CMD_MAX,
kernel will fault
This patch fix it

Signed-off-by: jovi zhang <bookjovi@...il.com>
kernel/debug/kdb/kdb_main.c |   10 ++++------
1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 37755d6..abd46c9 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -82,7 +82,7 @@ static kdbtab_t kdb_base_commands[50];
#define for_each_kdbcmd(cmd, num)                                      \
       for ((cmd) = kdb_base_commands, (num) = 0;                      \
            num < kdb_max_commands;                                    \
-            num == KDB_BASE_CMD_MAX ? cmd = kdb_commands : cmd++, num++)
+            num++, num == KDB_BASE_CMD_MAX ? cmd = kdb_commands : cmd++)

typedef struct _kdbmsg {
       int     km_diag;        /* kdb diagnostic */
@@ -2730,7 +2730,7 @@ int kdb_register_repeat(char *cmd,
       }

       if (i >= kdb_max_commands) {
-               kdbtab_t *new = kmalloc((kdb_max_commands - KDB_BASE_CMD_MAX +
+               kdbtab_t *new = kzalloc((kdb_max_commands - KDB_BASE_CMD_MAX +
                        kdb_command_extend) * sizeof(*new), GFP_KDB);
               if (!new) {
                       kdb_printf("Could not allocate new kdb_command "
@@ -2739,13 +2739,11 @@ int kdb_register_repeat(char *cmd,
               }
               if (kdb_commands) {
                       memcpy(new, kdb_commands,
-                              kdb_max_commands * sizeof(*new));
+                       (kdb_max_commands - KDB_BASE_CMD_MAX) * sizeof(*new));
                       kfree(kdb_commands);
               }
-               memset(new + kdb_max_commands, 0,
-                      kdb_command_extend * sizeof(*new));
               kdb_commands = new;
-               kp = kdb_commands + kdb_max_commands;
+               kp = kdb_commands + kdb_max_commands - KDB_BASE_CMD_MAX;
               kdb_max_commands += kdb_command_extend;
       }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ