lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 24 Oct 2022 11:27:51 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Xin Liu <liuxin350@...wei.com>
Cc:     ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
        martin.lau@...ux.dev, song@...nel.org, yhs@...com,
        john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
        haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org, yanan@...wei.com,
        wuchangye@...wei.com, xiesongyang@...wei.com, zhudi2@...wei.com,
        kongweibin2@...wei.com
Subject: Re: [PATCH] libbpf: glob_sym may be a NULL pointer and cause the
 program crash

On Sat, Oct 22, 2022 at 4:05 AM Xin Liu <liuxin350@...wei.com> wrote:
>
> I found that `glob_sym` does not check whether it is NULL when reading the
> code. `glob_sym` obtains the pointer of btf information in the linker from
> `find_glob_sym`, which may be return NULL pointer. However, the code then
> references `glob_sym->sec_id`. This may cause program to crash.
>

May cause a crash or did you actually see an example of such a crash?

As far as I can see from the code, such global_sym is guaranteed to
exist, see how btf_type_map is filled in linker_append_btf(), slightly
above the code you are trying to fix


> Fixes: a46349227cd8 ("libbpf: Add linker extern resolution support for functions and global variables")
> Signed-off-by: Xin Liu <liuxin350@...wei.com>
> Signed-off-by: Weibin Kong <kongweibin2@...wei.com>
> ---
>  tools/lib/bpf/linker.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/tools/lib/bpf/linker.c b/tools/lib/bpf/linker.c
> index 4ac02c28e152..d02d2754910f 100644
> --- a/tools/lib/bpf/linker.c
> +++ b/tools/lib/bpf/linker.c
> @@ -2355,6 +2355,11 @@ static int linker_append_btf(struct bpf_linker *linker, struct src_obj *obj)
>                         if (btf_is_non_static(t)) {
>                                 name = btf__str_by_offset(linker->btf, t->name_off);
>                                 glob_sym = find_glob_sym(linker, name);
> +                               if (!glob_sym) {
> +                                       pr_warn("global '%s': section mismatch %d\n", name,
> +                                               dst_sec->id);
> +                                       return -EINVAL;
> +                               }
>                                 if (glob_sym->sec_id != dst_sec->id) {
>                                         pr_warn("global '%s': section mismatch %d vs %d\n",
>                                                 name, glob_sym->sec_id, dst_sec->id);
> --
> 2.33.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ