| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200803011534.730645-2-nivedita@alum.mit.edu>
Date: Sun, 2 Aug 2020 21:15:34 -0400
From: Arvind Sankar <nivedita@...m.mit.edu>
To: Ingo Molnar <mingo@...nel.org>, Kees Cook <keescook@...omium.org>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] x86/kaslr: Replace strlen with strnlen
strnlen is safer in case the command line is not NUL-terminated.
Signed-off-by: Arvind Sankar <nivedita@...m.mit.edu>
---
arch/x86/boot/compressed/kaslr.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 903ccdca0551..a5842eea84cb 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -43,6 +43,10 @@
#define STATIC
#include <linux/decompress/mm.h>
+#define _SETUP
+#include <asm/setup.h> /* For COMMAND_LINE_SIZE */
+#undef _SETUP
+
#ifdef CONFIG_X86_5LEVEL
unsigned int __pgtable_l5_enabled;
unsigned int pgdir_shift __ro_after_init = 39;
@@ -278,7 +282,7 @@ static void handle_mem_options(void)
if (!args)
return;
- len = strlen(args);
+ len = strnlen(args, COMMAND_LINE_SIZE-1);
tmp_cmdline = malloc(len + 1);
if (!tmp_cmdline)
error("Failed to allocate space for tmp_cmdline");
@@ -425,7 +429,7 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
cmd_line = get_cmd_line_ptr();
/* Calculate size of cmd_line. */
if (cmd_line) {
- cmd_line_size = strlen((char *)cmd_line) + 1;
+ cmd_line_size = strnlen((char *)cmd_line, COMMAND_LINE_SIZE-1) + 1;
mem_avoid[MEM_AVOID_CMDLINE].start = cmd_line;
mem_avoid[MEM_AVOID_CMDLINE].size = cmd_line_size;
add_identity_map(mem_avoid[MEM_AVOID_CMDLINE].start,
--
2.26.2
Powered by blists - more mailing lists