lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu,  6 Aug 2015 17:53:48 +0200
From:	Takashi Iwai <tiwai@...e.de>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH] modpost: abort if a module symbol is too long

Module symbols have a limited length, but currently the build system
allows the build finishing even if the driver code contains a too long
symbol name, which eventually overflows the modversion_info[] item.
The compiler may catch at compiling *.mod.c like
  CC      xxx.mod.o
  xxx.mod.c:18:16: warning: initializer-string for array of chars is too long
but it's merely a warning.

This patch adds the check of the symbol length in modpost and stops
the build properly.

As of now, MODULE_NAME_LEN is copied in modpost.c.  At best, this
should be read directly from kernel headers.  But including
linux/module.h is too troublesome for now, so just paper over it.

Signed-off-by: Takashi Iwai <tiwai@...e.de>
---
 scripts/mod/modpost.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 12d3db3bd46b..25bda9d2868c 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -2133,6 +2133,9 @@ static void add_staging_flag(struct buffer *b, const char *name)
 		buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n");
 }
 
+/* FIXME: better to be included from kernel header */
+#define MODULE_NAME_LEN (64 - sizeof(unsigned long))
+
 /**
  * Record CRCs for unresolved symbols
  **/
@@ -2177,6 +2180,12 @@ static int add_versions(struct buffer *b, struct module *mod)
 				s->name, mod->name);
 			continue;
 		}
+		if (strlen(s->name) >= MODULE_NAME_LEN) {
+			merror("too long symbol \"%s\" [%s.ko]\n",
+			       s->name, mod->name);
+			err = 1;
+			break;
+		}
 		buf_printf(b, "\t{ %#8x, __VMLINUX_SYMBOL_STR(%s) },\n",
 			   s->crc, s->name);
 	}
-- 
2.5.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ