| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Oct 2022 19:05:29 +0800
From: Xin Liu <liuxin350@...wei.com>
To: <ast@...nel.org>, <daniel@...earbox.net>, <andrii@...nel.org>,
<martin.lau@...ux.dev>, <song@...nel.org>, <yhs@...com>,
<john.fastabend@...il.com>, <kpsingh@...nel.org>, <sdf@...gle.com>,
<haoluo@...gle.com>, <jolsa@...nel.org>
CC: <bpf@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<yanan@...wei.com>, <wuchangye@...wei.com>,
<xiesongyang@...wei.com>, <zhudi2@...wei.com>,
<kongweibin2@...wei.com>, <liuxin350@...wei.com>
Subject: [PATCH] libbpf: glob_sym may be a NULL pointer and cause the program crash
I found that `glob_sym` does not check whether it is NULL when reading the
code. `glob_sym` obtains the pointer of btf information in the linker from
`find_glob_sym`, which may be return NULL pointer. However, the code then
references `glob_sym->sec_id`. This may cause program to crash.
Fixes: a46349227cd8 ("libbpf: Add linker extern resolution support for functions and global variables")
Signed-off-by: Xin Liu <liuxin350@...wei.com>
Signed-off-by: Weibin Kong <kongweibin2@...wei.com>
---
tools/lib/bpf/linker.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/lib/bpf/linker.c b/tools/lib/bpf/linker.c
index 4ac02c28e152..d02d2754910f 100644
--- a/tools/lib/bpf/linker.c
+++ b/tools/lib/bpf/linker.c
@@ -2355,6 +2355,11 @@ static int linker_append_btf(struct bpf_linker *linker, struct src_obj *obj)
if (btf_is_non_static(t)) {
name = btf__str_by_offset(linker->btf, t->name_off);
glob_sym = find_glob_sym(linker, name);
+ if (!glob_sym) {
+ pr_warn("global '%s': section mismatch %d\n", name,
+ dst_sec->id);
+ return -EINVAL;
+ }
if (glob_sym->sec_id != dst_sec->id) {
pr_warn("global '%s': section mismatch %d vs %d\n",
name, glob_sym->sec_id, dst_sec->id);
--
2.33.0
Powered by blists - more mailing lists