| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Dec 2023 13:57:32 +0800
From: fuqiang wang <fuqiang.wang@...ystack.cn>
To: Baoquan He <bhe@...hat.com>,
Vivek Goyal <vgoyal@...hat.com>,
Dave Young <dyoung@...hat.com>,
Yuntao Wang <ytcoode@...il.com>
Cc: kexec@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v2 2/2] kexec: Fix potential out of bounds in crash_exclude_mem_range()
When the split does not occur on the last array member, the current code
will not return an error. So the correct array out-of-bounds check should
be mem->nr_ranges >= mem->max_nr_ranges.
When the OOB happen, the cmem->ranges[] have changed, so return early to
avoid it.
Signed-off-by: fuqiang wang <fuqiang.wang@...ystack.cn>
---
kernel/crash_core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index d4313b53837e..b1ab61c74fd2 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -611,6 +611,9 @@ int crash_exclude_mem_range(struct crash_mem *mem,
}
if (p_start > start && p_end < end) {
+ /* Split happened */
+ if (mem->nr_ranges >= mem->max_nr_ranges)
+ return -ENOMEM;
/* Split original range */
mem->ranges[i].end = p_start - 1;
temp_range.start = p_end + 1;
@@ -626,10 +629,6 @@ int crash_exclude_mem_range(struct crash_mem *mem,
if (!temp_range.end)
return 0;
- /* Split happened */
- if (i == mem->max_nr_ranges - 1)
- return -ENOMEM;
-
/* Location where new range should go */
j = i + 1;
if (j < mem->nr_ranges) {
--
2.42.0
Powered by blists - more mailing lists