lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 12 Aug 2020 11:54:02 +0900
From:   Seungil Kang <sil.kang@...sung.com>
To:     bhe@...hat.com, mingo@...nel.org
Cc:     akpm@...ux-foundation.org, gregkh@...uxfoundation.org,
        herbert@...dor.apana.org.au, andriy.shevchenko@...ux.intel.com,
        tglx@...utronix.de, linux-kernel@...r.kernel.org,
        Seungil Kang <sil.kang@...sung.com>
Subject: [PATCH] lib/cmdline: prevent unintented access to address

When args = "\"\0", "i" will be 0 and args[i-1] is used (line:238)
Because of "i" is an unsigned int type,
the function will access at args[0xFFFFFFFF]
It can make a crash

Signed-off-by: Seungil Kang <sil.kang@...sung.com>
---
 lib/cmdline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cmdline.c b/lib/cmdline.c
index fbb9981a04a4..2fd29d7723b2 100644
--- a/lib/cmdline.c
+++ b/lib/cmdline.c
@@ -200,7 +200,7 @@ bool parse_option_str(const char *str, const char *option)
  */
 char *next_arg(char *args, char **param, char **val)
 {
-	unsigned int i, equals = 0;
+	int i, equals = 0;
 	int in_quote = 0, quoted = 0;
 	char *next;
 
-- 
2.17.1

Powered by blists - more mailing lists