| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 1 Jul 2023 11:37:27 -0700
From: Namhyung Kim <namhyung@...nel.org>
To: Ian Rogers <irogers@...gle.com>
Cc: Arnaldo Carvalho de Melo <acme@...hat.com>,
Chenyuan Mi <cymi20@...an.edu.cn>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] lib subcmd: Avoid use-after-free when no commands are excluded
On Mon, Jun 26, 2023 at 3:22 PM Ian Rogers <irogers@...gle.com> wrote:
>
> The array shortening may be an unnecessary array copy. Before commit
> 657a3efee43a ("lib subcmd: Avoid memory leak in exclude_cmds") this
> was benign, but afterwards this could lead to a segv.
>
> Fixes: 657a3efee43a ("lib subcmd: Avoid memory leak in exclude_cmds")
> Signed-off-by: Ian Rogers <irogers@...gle.com>
> ---
> tools/lib/subcmd/help.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/tools/lib/subcmd/help.c b/tools/lib/subcmd/help.c
> index 67a8d6b740ea..b59ca17e406d 100644
> --- a/tools/lib/subcmd/help.c
> +++ b/tools/lib/subcmd/help.c
> @@ -77,10 +77,11 @@ void exclude_cmds(struct cmdnames *cmds, struct cmdnames *excludes)
> ei++;
> }
> }
> -
> - while (ci < cmds->cnt) {
> - zfree(&cmds->names[cj]);
> - cmds->names[cj++] = cmds->names[ci++];
> + if (ci != cj) {
> + while (ci < cmds->cnt) {
> + zfree(&cmds->names[cj]);
> + cmds->names[cj++] = cmds->names[ci++];
I'm not sure I'm following the logic in this function well
but it seems we also need to check the same thing
in the above loop - if (cmp < 0).
Thanks,
Namhyung
> + }
> }
> for (ci = cj; ci < cmds->cnt; ci++)
> zfree(&cmds->names[ci]);
> --
> 2.41.0.162.gfafddb0af9-goog
>
Powered by blists - more mailing lists