| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230307090358.21346-1-lengxujun2007@126.com>
Date: Tue, 7 Mar 2023 17:03:58 +0800
From: Xujun Leng <lengxujun2007@....com>
To: akpm@...ux-foundation.org
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Xujun Leng <lengxujun2007@....com>
Subject: [PATCH] mm: fix potential invalid pointer dereference in kmemdup()
If kmemdup() was called with src == NULL, then memcpy() source address
is fatal, and if kmemdup() was called with len == 0, kmalloc_track_caller()
will return ZERO_SIZE_PTR to variable p, then memcpy() destination address
is fatal. Both 2 cases will cause an invalid pointer dereference.
Signed-off-by: Xujun Leng <lengxujun2007@....com>
---
mm/util.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mm/util.c b/mm/util.c
index dd12b9531ac4..d1a3b3d2988e 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -128,6 +128,9 @@ void *kmemdup(const void *src, size_t len, gfp_t gfp)
{
void *p;
+ if (!src || len == 0)
+ return NULL;
+
p = kmalloc_track_caller(len, gfp);
if (p)
memcpy(p, src, len);
--
2.25.1
Powered by blists - more mailing lists