lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240406151457.4774-1-m.lobanov@rosalinux.ru>
Date: Sat,  6 Apr 2024 11:14:55 -0400
From: Mikhail Lobanov <m.lobanov@...alinux.ru>
To: Martin KaFai Lau <martin.lau@...ux.dev>
Cc: Mikhail Lobanov <m.lobanov@...alinux.ru>,
	Alexei Starovoitov <ast@...nel.org>,
	Andrii Nakryiko <andrii@...nel.org>,
	Song Liu <song@...nel.org>,
	Roman Gushchin <roman.gushchin@...ux.dev>,
	bpf@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	stable@...r.kernel.org
Subject: [PATCH] bpf: dereference of null in __cgroup_bpf_query() function

In the __cgroup_bpf_query() function, it is possible to dereference
the null pointer in the line id = prog->aux->id; since there is no
check for a non-zero value of the variable prog.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program attachment")
Cc: stable@...r.kernel.org
Signed-off-by: Mikhail Lobanov <m.lobanov@...alinux.ru>
---
 kernel/bpf/cgroup.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 491d20038cbe..7f2db96f0c6a 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1092,6 +1092,8 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
 			i = 0;
 			hlist_for_each_entry(pl, progs, node) {
 				prog = prog_list_prog(pl);
+               	       	if (!prog_list_prog(pl))
+				continue;
 				id = prog->aux->id;
 				if (copy_to_user(prog_ids + i, &id, sizeof(id)))
 					return -EFAULT;
-- 
2.43.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ