lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 19 Jul 2018 11:44:23 +0900
From:   Taeung Song <treeze.taeung@...il.com>
To:     Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] tools/bpftool: Fix segfault case regarding 'pin'
 arguments



On 07/19/2018 03:19 AM, Jakub Kicinski wrote:
> On Wed, 18 Jul 2018 22:35:26 +0900, Taeung Song wrote:
>> Arguments of 'pin' subcommand should be checked
>> at the very beginning of do_pin_any().
>> Otherwise segfault errors can occur when using
>> 'map pin' or 'prog pin' commands, so fix it.
>>
>>    # bpftool prog pin id
>>    Segmentation fault
>>
>> Fixes: 71bb428fe2c1 ("tools: bpf: add bpftool")
>> Cc: Jakub Kicinski <jakub.kicinski@...ronome.com>
>> Reported-by: Taehee Yoo <ap420073@...il.com>
>> Signed-off-by: Taeung Song <treeze.taeung@...il.com>
>> ---
>>   tools/bpf/bpftool/common.c | 11 ++++++++---
>>   1 file changed, 8 insertions(+), 3 deletions(-)
>>
>> diff --git a/tools/bpf/bpftool/common.c b/tools/bpf/bpftool/common.c
>> index 32f9e397a6c0..b1e1ba9e1c90 100644
>> --- a/tools/bpf/bpftool/common.c
>> +++ b/tools/bpf/bpftool/common.c
>> @@ -217,6 +217,14 @@ int do_pin_any(int argc, char **argv, int (*get_fd_by_id)(__u32))
>>   	int err;
>>   	int fd;
>>   
>> +	if (argc < 3) {
>> +		p_err("too few arguments, id PROG_ID and FILE path is required");
> 
> Thanks for the fix!  You can't say PROG_ID here, because this function
> is also called by bpftool map pin id X.  How about s/PROG_ID/ID/ ?
> 

Yep! will fix it :)

--
Thanks,
Taeung

>> +		return -1;
>> +	} else if (argc > 3) {
>> +		p_err("too many arguments");
>> +		return -1;
>> +	}
>> +
>>   	if (!is_prefix(*argv, "id")) {
>>   		p_err("expected 'id' got %s", *argv);
>>   		return -1;
>> @@ -230,9 +238,6 @@ int do_pin_any(int argc, char **argv, int (*get_fd_by_id)(__u32))
>>   	}
>>   	NEXT_ARG();
>>   
>> -	if (argc != 1)
>> -		usage();
>> -
>>   	fd = get_fd_by_id(id);
>>   	if (fd < 0) {
>>   		p_err("can't get prog by id (%u): %s", id, strerror(errno));
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ