lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <158981614256.106494.12226121528668381542.stgit@bahia.lan>
Date:   Mon, 18 May 2020 17:35:42 +0200
From:   Greg Kurz <groug@...d.org>
To:     linux-kernel@...r.kernel.org
Cc:     stable@...r.kernel.org, linux-kbuild@...r.kernel.org,
        mingo@...nel.org
Subject: [PATCH] scripts/sorttable: Correctly handle mmap() returning
 MAP_FAILED

The caller of mmap_file() assumes it returns a valid address or NULL
on error. If mmap() fails for some reason, MAP_FAILED is returned
instead and sorttable crashes later when trying to dereference the
pointer:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000402b25 in do_file (fname=0x7fffffffe5e2 "vmlinux",
    addr=0xffffffffffffffff) at scripts/sorttable.c:264
264             switch (ehdr->e_ident[EI_DATA]) {
(gdb) p ehdr
$1 = (Elf32_Ehdr *) 0xffffffffffffffff

mmap() can only return NULL if the user explicitely asks for it with
MAP_FIXED, which isn't the case here. So, rather than changing the
semantics of mmap_file() and having the caller to cope with an
extra sentinel, return NULL when mmap() fails.

This bug exists since the addition of the sortextable binary (previous
name of sorttable). That code was borrowed from scripts/recordmount.c
which had the same issue. It got fixed in a similar manner by commit
3f1df12019f3 ("recordmcount: Rewrite error/success handling").

Cc: stable@...r.kernel.org # v3.5
Fixes: a79f248b9b30 ("scripts: Add sortextable to sort the kernel's exception table.")
Signed-off-by: Greg Kurz <groug@...d.org>
---
 scripts/sorttable.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/sorttable.c b/scripts/sorttable.c
index ec6b5e81eba1..5ad7a9bbff42 100644
--- a/scripts/sorttable.c
+++ b/scripts/sorttable.c
@@ -91,6 +91,7 @@ static void *mmap_file(char const *fname, size_t *size)
 	addr = mmap(0, sb.st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
 	if (addr == MAP_FAILED) {
 		fprintf(stderr, "Could not mmap file: %s\n", fname);
+		addr = NULL;
 		goto out;
 	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ