| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2024 12:44:11 -0600
From: kotborealis@...oo.ru
To: Peter Zijlstra <peterz@...radead.org>
Cc: Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>,
Ian Rogers <irogers@...gle.com>,
Adrian Hunter <adrian.hunter@...el.com>,
Evgeny Pistun <kotborealis@...oo.ru>,
linux-perf-users@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] perf data convert: Output empty string for null pointer
From: Evgeny Pistun <kotborealis@...oo.ru>
Providing ill-formed input to `perf data conver --to-json`
causes it to crash with segmentaton fault. There's a bug in
`output_json_string` functon: input string is not validated.
This could be reproduced by crafting input that does not specify
hostname/os-release/etc, which are written to 'headers' section of
outputted json.
This patch adds a null pointer check. If `output_json_string` is
called with a null pointer, it should output empty string (`""`).
Signed-off-by: Evgeny Pistun <kotborealis@...oo.ru>
---
tools/perf/util/data-convert-json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/data-convert-json.c b/tools/perf/util/data-convert-json.c
index 5bb3c2ba9..f8fd22bd7 100644
--- a/tools/perf/util/data-convert-json.c
+++ b/tools/perf/util/data-convert-json.c
@@ -42,7 +42,7 @@ struct convert_json {
static void output_json_string(FILE *out, const char *s)
{
fputc('"', out);
- while (*s) {
+ while (s != NULL && *s) {
switch (*s) {
// required escapes with special forms as per RFC 8259
--
2.25.1
Powered by blists - more mailing lists