lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Jan 2024 12:44:11 -0600
From: kotborealis@...oo.ru
To: Peter Zijlstra <peterz@...radead.org>
Cc: Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Jiri Olsa <jolsa@...nel.org>,
	Ian Rogers <irogers@...gle.com>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Evgeny Pistun <kotborealis@...oo.ru>,
	linux-perf-users@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] perf data convert: Output empty string for null pointer

From: Evgeny Pistun <kotborealis@...oo.ru>

Providing ill-formed input to `perf data conver --to-json`
causes it to crash with segmentaton fault. There's a bug in
`output_json_string` functon: input string is not validated.
This could be reproduced by crafting input that does not specify
hostname/os-release/etc, which are written to 'headers' section of
outputted json.

This patch adds a null pointer check. If `output_json_string` is
called with a null pointer, it should output empty string (`""`).

Signed-off-by: Evgeny Pistun <kotborealis@...oo.ru>
---
 tools/perf/util/data-convert-json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/data-convert-json.c b/tools/perf/util/data-convert-json.c
index 5bb3c2ba9..f8fd22bd7 100644
--- a/tools/perf/util/data-convert-json.c
+++ b/tools/perf/util/data-convert-json.c
@@ -42,7 +42,7 @@ struct convert_json {
 static void output_json_string(FILE *out, const char *s)
 {
 	fputc('"', out);
-	while (*s) {
+	while (s != NULL && *s) {
 		switch (*s) {
 
 		// required escapes with special forms as per RFC 8259
-- 
2.25.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ