| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210913114336.83684-1-xu.xin16@zte.com.cn>
Date: Mon, 13 Sep 2021 11:43:36 +0000
From: cgel.zte@...il.com
To: hare@...e.de
Cc: axboe@...nel.dk, jack@...e.cz, tj@...nel.org,
viro@...iv.linux.org.uk, xu.xin16@....com.cn,
linux-kernel@...r.kernel.org, Zeal Robot <zealci@....com.cn>,
zhang yunkai <zhang.yunkai@....com.cn>
Subject: [PATCH linux-next] init/do_mounts: fix potential memory out of bounds access
From: xu xin <xu.xin16@....com.cn>
Initially the pointer "p" points to the start of "pages".
In the loop "while(*p++) {...}", it ends when "*p" equals
to zero. Just after that, the pointer "p" moves forward
with "p++", so "p" may points ouf of "pages".
furthermore, it is no use to set *p = '\0', so we remove it.
Reported-by: Zeal Robot <zealci@....com.cn>
Acked-by: zhang yunkai<zhang.yunkai@....com.cn>
Signed-off-by: xu xin <xu.xin16@....com.cn>
---
init/do_mounts.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/init/do_mounts.c b/init/do_mounts.c
index 2ed30ff6c906..ee1172599249 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
@@ -348,7 +348,6 @@ static int __init split_fs_names(char *page, char *names)
if (p[-1] == ',')
p[-1] = '\0';
}
- *p = '\0';
for (p = page; *p; p += strlen(p)+1)
count++;
--
2.25.1
Powered by blists - more mailing lists