| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzbhhcvAn4yCdHUZZSLCLotywRM5e_-12sYSjg7h8nbdmQ@mail.gmail.com>
Date: Mon, 24 Oct 2022 11:27:51 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Xin Liu <liuxin350@...wei.com>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org, yanan@...wei.com,
wuchangye@...wei.com, xiesongyang@...wei.com, zhudi2@...wei.com,
kongweibin2@...wei.com
Subject: Re: [PATCH] libbpf: glob_sym may be a NULL pointer and cause the
program crash
On Sat, Oct 22, 2022 at 4:05 AM Xin Liu <liuxin350@...wei.com> wrote:
>
> I found that `glob_sym` does not check whether it is NULL when reading the
> code. `glob_sym` obtains the pointer of btf information in the linker from
> `find_glob_sym`, which may be return NULL pointer. However, the code then
> references `glob_sym->sec_id`. This may cause program to crash.
>
May cause a crash or did you actually see an example of such a crash?
As far as I can see from the code, such global_sym is guaranteed to
exist, see how btf_type_map is filled in linker_append_btf(), slightly
above the code you are trying to fix
> Fixes: a46349227cd8 ("libbpf: Add linker extern resolution support for functions and global variables")
> Signed-off-by: Xin Liu <liuxin350@...wei.com>
> Signed-off-by: Weibin Kong <kongweibin2@...wei.com>
> ---
> tools/lib/bpf/linker.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/tools/lib/bpf/linker.c b/tools/lib/bpf/linker.c
> index 4ac02c28e152..d02d2754910f 100644
> --- a/tools/lib/bpf/linker.c
> +++ b/tools/lib/bpf/linker.c
> @@ -2355,6 +2355,11 @@ static int linker_append_btf(struct bpf_linker *linker, struct src_obj *obj)
> if (btf_is_non_static(t)) {
> name = btf__str_by_offset(linker->btf, t->name_off);
> glob_sym = find_glob_sym(linker, name);
> + if (!glob_sym) {
> + pr_warn("global '%s': section mismatch %d\n", name,
> + dst_sec->id);
> + return -EINVAL;
> + }
> if (glob_sym->sec_id != dst_sec->id) {
> pr_warn("global '%s': section mismatch %d vs %d\n",
> name, glob_sym->sec_id, dst_sec->id);
> --
> 2.33.0
>
Powered by blists - more mailing lists