| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1f4d159e-5382-3c75-bd5e-42337ecd8c28@omp.ru>
Date: Fri, 6 Jan 2023 00:16:31 +0300
From: Sergey Shtylyov <s.shtylyov@....ru>
To: Petr Mladek <pmladek@...e.com>,
Steven Rostedt <rostedt@...dmis.org>,
Sergey Senozhatsky <senozhatsky@...omium.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>
CC: <linux-kernel@...r.kernel.org>
Subject: [PATCH] vsprintf: fix possible NULL pointer deref in vsnprintf()
In vsnprintf() etc, C99 allows the 'buf' argument to be NULL when the
'size' argument equals 0. Let us treat NULL passed as if the 'buf'
argument pointed to a 0-sized buffer, so that we can avoid a NULL pointer
dereference and still return the # of characters that would be written if
'buf' pointed to a valid buffer...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Signed-off-by: Sergey Shtylyov <s.shtylyov@....ru>
---
This patch is against the 'master' branch of the PRINTK Group's repo...
lib/vsprintf.c | 9 +++++++++
1 file changed, 9 insertions(+)
Index: linux/lib/vsprintf.c
===================================================================
--- linux.orig/lib/vsprintf.c
+++ linux/lib/vsprintf.c
@@ -2738,6 +2738,15 @@ int vsnprintf(char *buf, size_t size, co
if (WARN_ON_ONCE(size > INT_MAX))
return 0;
+ /*
+ * C99 allows @buf to be NULL when @size is 0. We treat such NULL as if
+ * @buf pointed to 0-sized buffer, so we can both avoid a NULL pointer
+ * dereference and still return # of characters that would be written
+ * if @buf pointed to a valid buffer...
+ */
+ if (!buf)
+ size = 0;
+
str = buf;
end = buf + size;
Powered by blists - more mailing lists