[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20211018173511.26542-1-skhan@linuxfoundation.org>
Date: Mon, 18 Oct 2021 11:35:11 -0600
From: Shuah Khan <skhan@...uxfoundation.org>
To: mcgrof@...nel.org, jeyu@...nel.org
Cc: Shuah Khan <skhan@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: [PATCH v2] module: fix validate_section_offset() overflow bug on 64-bit
validate_section_offset() uses unsigned long local variable to
add/store shdr->sh_offset and shdr->sh_size on all platforms.
unsigned long is too short when sh_offset is Elf64_Off which
would be the case on 64bit ELF headers.
This problem was found while adding an error message to print
sh_offset and sh_size. If sh_offset + sh_size exceed the size
of the local variable, the checks for overflow and offset/size
being too large will not find the problem and call the section
offset valid. This failure might cause problems later on.
Fix the overflow problem using the right size local variable when
CONFIG_64BIT is defined.
Signed-off-by: Shuah Khan <skhan@...uxfoundation.org>
---
Changes since v1:
- Updated commit log to describe the fix clearly. No code
changes.
kernel/module.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/module.c b/kernel/module.c
index ad03a2357377..84a9141a5e15 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2942,7 +2942,11 @@ static int module_sig_check(struct load_info *info, int flags)
static int validate_section_offset(struct load_info *info, Elf_Shdr *shdr)
{
+#if defined(CONFIG_64BIT)
+ unsigned long long secend;
+#else
unsigned long secend;
+#endif
/*
* Check for both overflow and offset/size being
--
2.30.2
Powered by blists - more mailing lists