Message-Id: <20211201054855.5449-1-zhangyue1@kylinos.cn>
Date: Wed, 1 Dec 2021 13:48:55 +0800
From: zhangyue <zhangyue1@...inos.cn>
To: naveen.n.rao@...ux.ibm.com, anil.s.keshavamurthy@...el.com,
davem@...emloft.net, mhiramat@...nel.org
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] kprobes: fix out-of-bounds in register_kretprobe
When the data 'rp->data_size' is negative, the code
'sizeof(struct kretprobe_instance)+rp->data_size'
is less than 'sizeof(struct kretprobe_instance)'.
At this time, the pointer 'inst' may be out of
bounds when it is in use.
Signed-off-by: zhangyue <zhangyue1@...inos.cn>
---
kernel/kprobes.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 1cf8bca1ea86..71cf6bde299f 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1983,7 +1983,7 @@ int kprobe_on_func_entry(kprobe_opcode_t *addr, const char *sym, unsigned long o
int register_kretprobe(struct kretprobe *rp)
{
int ret;
- struct kretprobe_instance *inst;
+ struct kretprobe_instance *inst = NULL;
int i;
void *addr;
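Review bot: the `inst = NULL` initializer at the top of register_kretprobe() is only needed because the second hunk turns the kzalloc() into a conditional; if a negative data_size is treated as a caller error and rejected before the loop (which is where a value that does not change per iteration belongs), this hunk becomes unnecessary and `inst` can keep its original uninitialized declaration, since every loop iteration assigns it before the `inst == NULL` test.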
@@ -2024,7 +2024,8 @@ int register_kretprobe(struct kretprobe *rp)
rp->rph->rp = rp;
for (i = 0; i < rp->maxactive; i++) {
- inst = kzalloc(sizeof(struct kretprobe_instance) +
+ if (rp->data_size >= 0)
+ inst = kzalloc(sizeof(struct kretprobe_instance) +
rp->data_size, GFP_KERNEL);
if (inst == NULL) {
refcount_set(&rp->rph->ref, i);
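Review bot: the `if (rp->data_size >= 0)` guard sits inside the `for` loop although it does not depend on `i`, and when it fails `inst` simply stays NULL so the very first iteration falls into the existing allocation-failure branch (`refcount_set(&rp->rph->ref, i)` with i == 0), reporting a caller error as if memory had run out. Note also that `data_size` in struct kretprobe is a size_t, so `>= 0` is always true and the compiler will likely flag the comparison as tautological; a "negative" value is really a huge unsigned size that kzalloc() will refuse anyway. Validating the size once before the loop with an explicit upper bound and a distinct error, e.g. `if (rp->data_size > <reasonable maximum, e.g. PAGE_SIZE>) return -EINVAL;`, would cover both the signed and unsigned reading and keep the allocation line unchanged.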
--
2.30.0