lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 07 Aug 2015 06:39:12 +0930
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	Takashi Iwai <tiwai@...e.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] modpost: abort if a module symbol is too long

Takashi Iwai <tiwai@...e.de> writes:
> Module symbols have a limited length, but currently the build system
> allows the build finishing even if the driver code contains a too long
> symbol name, which eventually overflows the modversion_info[] item.
> The compiler may catch at compiling *.mod.c like
>   CC      xxx.mod.o
>   xxx.mod.c:18:16: warning: initializer-string for array of chars is too long
> but it's merely a warning.
>
> This patch adds the check of the symbol length in modpost and stops
> the build properly.
>
> As of now, MODULE_NAME_LEN is copied in modpost.c.  At best, this
> should be read directly from kernel headers.  But including
> linux/module.h is too troublesome for now, so just paper over it.
>
> Signed-off-by: Takashi Iwai <tiwai@...e.de>
> ---
>  scripts/mod/modpost.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index 12d3db3bd46b..25bda9d2868c 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -2133,6 +2133,9 @@ static void add_staging_flag(struct buffer *b, const char *name)
>  		buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n");
>  }
>  
> +/* FIXME: better to be included from kernel header */
> +#define MODULE_NAME_LEN (64 - sizeof(unsigned long))

This isn't quite right, since modpost handles cross-compilation.

#define MODULE_NAME_LEN (64 - sizeof(Elf_Addr))

Should work...

Thanks!
Rusty.

> +
>  /**
>   * Record CRCs for unresolved symbols
>   **/
> @@ -2177,6 +2180,12 @@ static int add_versions(struct buffer *b, struct module *mod)
>  				s->name, mod->name);
>  			continue;
>  		}
> +		if (strlen(s->name) >= MODULE_NAME_LEN) {
> +			merror("too long symbol \"%s\" [%s.ko]\n",
> +			       s->name, mod->name);
> +			err = 1;
> +			break;
> +		}
>  		buf_printf(b, "\t{ %#8x, __VMLINUX_SYMBOL_STR(%s) },\n",
>  			   s->crc, s->name);
>  	}
> -- 
> 2.5.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ