| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 May 2019 10:07:23 +0800
From: Gen Zhang <blackgod016574@...il.com>
To: Li Zhijian <lizhijian@...fujitsu.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] initramfs: Fix a missing-check bug in init/initramfs.c
On Wed, May 22, 2019 at 10:00:37AM +0800, Li Zhijian wrote:
>
> On 5/22/19 09:04, Gen Zhang wrote:
> >In dir_add(), de and de->name are allocated by kmalloc() and kstrdup().
> >And de->name is dereferenced in the following codes. However, memory
> >allocation functions such as kmalloc() and kstrdup() may fail.
> >Dereferencing this de->name null pointer may cause the kernel go wrong.
> >Thus we should check this allocation.
> >Further, if kstrdup() returns NULL, we should free de and panic().
> >
> >Signed-off-by: Gen Zhang <blackgod016574@...il.com>
> >
> >---
> >diff --git a/init/initramfs.c b/init/initramfs.c
> >index 178130f..dc8063f 100644
> >--- a/init/initramfs.c
> >+++ b/init/initramfs.c
> >@@ -125,6 +125,10 @@ static void __init dir_add(const char *name, time64_t mtime)
> > panic("can't allocate dir_entry buffer");
> > INIT_LIST_HEAD(&de->list);
> > de->name = kstrdup(name, GFP_KERNEL);
> >+ if (!de->name) {
> >+ kfree(de);
> >+ panic("can't allocate dir_entry name buffer");
> >+ }
>
> Looks good
>
> but the following place should be considered as well i think
> 342 vcollected = kstrdup(collected, GFP_KERNEL);
> 343 state = CopyFile;
>
>
> Thanks
> Zhijian
Thanks for your comments, Zhijian!
I thinks you are correct that vcollected should also be checked.
I will work on this patch and resubmit it.
Thank
Gen
Powered by blists - more mailing lists