| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180927224700.13739-1-colin.king@canonical.com>
Date: Thu, 27 Sep 2018 23:47:00 +0100
From: Colin King <colin.king@...onical.com>
To: Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] tracing: fix potential null pointer dereference on rctr_end
From: Colin Ian King <colin.king@...onical.com>
Currently rctr_end may assigned null if strchr() fails leading to
a null pointer dereference in the following check on *(rctr_end + 1).
Fix this by also adding a null pointer check before the dereference.
Detected by CoverityScan, CID#1473700 ("Dereference null return value")
Fixes: 1cc33161a83d ("uprobes: Support SDT markers having reference count (semaphore)")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
kernel/trace/trace_uprobe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
index 3a7c73c40007..c5514651e61f 100644
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace/trace_uprobe.c
@@ -477,7 +477,7 @@ static int create_trace_uprobe(int argc, char **argv)
rctr = strchr(arg, '(');
if (rctr) {
rctr_end = strchr(rctr, ')');
- if (rctr > rctr_end || *(rctr_end + 1) != 0) {
+ if (!rctr_end || rctr > rctr_end || *(rctr_end + 1) != 0) {
ret = -EINVAL;
pr_info("Invalid reference counter offset.\n");
goto fail_address_parse;
--
2.17.1
Powered by blists - more mailing lists