lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Aug 2020 11:54:02 +0900 From: Seungil Kang <sil.kang@...sung.com> To: bhe@...hat.com, mingo@...nel.org Cc: akpm@...ux-foundation.org, gregkh@...uxfoundation.org, herbert@...dor.apana.org.au, andriy.shevchenko@...ux.intel.com, tglx@...utronix.de, linux-kernel@...r.kernel.org, Seungil Kang <sil.kang@...sung.com> Subject: [PATCH] lib/cmdline: prevent unintented access to address When args = "\"\0", "i" will be 0 and args[i-1] is used (line:238) Because of "i" is an unsigned int type, the function will access at args[0xFFFFFFFF] It can make a crash Signed-off-by: Seungil Kang <sil.kang@...sung.com> --- lib/cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cmdline.c b/lib/cmdline.c index fbb9981a04a4..2fd29d7723b2 100644 --- a/lib/cmdline.c +++ b/lib/cmdline.c @@ -200,7 +200,7 @@ bool parse_option_str(const char *str, const char *option) */ char *next_arg(char *args, char **param, char **val) { - unsigned int i, equals = 0; + int i, equals = 0; int in_quote = 0, quoted = 0; char *next; -- 2.17.1
Powered by blists - more mailing lists