lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 May 2019 10:07:23 +0800 From: Gen Zhang <blackgod016574@...il.com> To: Li Zhijian <lizhijian@...fujitsu.com> Cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH] initramfs: Fix a missing-check bug in init/initramfs.c On Wed, May 22, 2019 at 10:00:37AM +0800, Li Zhijian wrote: > > On 5/22/19 09:04, Gen Zhang wrote: > >In dir_add(), de and de->name are allocated by kmalloc() and kstrdup(). > >And de->name is dereferenced in the following codes. However, memory > >allocation functions such as kmalloc() and kstrdup() may fail. > >Dereferencing this de->name null pointer may cause the kernel go wrong. > >Thus we should check this allocation. > >Further, if kstrdup() returns NULL, we should free de and panic(). > > > >Signed-off-by: Gen Zhang <blackgod016574@...il.com> > > > >--- > >diff --git a/init/initramfs.c b/init/initramfs.c > >index 178130f..dc8063f 100644 > >--- a/init/initramfs.c > >+++ b/init/initramfs.c > >@@ -125,6 +125,10 @@ static void __init dir_add(const char *name, time64_t mtime) > > panic("can't allocate dir_entry buffer"); > > INIT_LIST_HEAD(&de->list); > > de->name = kstrdup(name, GFP_KERNEL); > >+ if (!de->name) { > >+ kfree(de); > >+ panic("can't allocate dir_entry name buffer"); > >+ } > > Looks good > > but the following place should be considered as well i think > 342 vcollected = kstrdup(collected, GFP_KERNEL); > 343 state = CopyFile; > > > Thanks > Zhijian Thanks for your comments, Zhijian! I thinks you are correct that vcollected should also be checked. I will work on this patch and resubmit it. Thank Gen
Powered by blists - more mailing lists