| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_AABA5D95191FCFD28DB325F58D8212525D07@qq.com> Date: Tue, 9 Apr 2024 19:37:43 +0800 From: Edward Adam Davis <eadavis@...com> To: syzbot+9b8be5e35747291236c8@...kaller.appspotmail.com Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, daniel@...earbox.net, haoluo@...gle.com, john.fastabend@...il.com, jolsa@...nel.org, kpsingh@...nel.org, linux-kernel@...r.kernel.org, martin.lau@...ux.dev, sdf@...gle.com, song@...nel.org, syzkaller-bugs@...glegroups.com, yonghong.song@...ux.dev Subject: [PATCH] bpf: fix uninit-value in strnchr According to the context in bpf_bprintf_prepare(), this is checking if fmt ends with a NUL word. Therefore, strnchrnul() should be used for validation instead of strnchr(). Reported-by: syzbot+9b8be5e35747291236c8@...kaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@...com> --- kernel/bpf/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 449b9a5d3fe3..07490eba24fe 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -826,7 +826,7 @@ int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args, u64 cur_arg; char fmt_ptype, cur_ip[16], ip_spec[] = "%pXX"; - fmt_end = strnchr(fmt, fmt_size, 0); + fmt_end = strnchrnul(fmt, fmt_size, 0); if (!fmt_end) return -EINVAL; fmt_size = fmt_end - fmt; -- 2.43.0
Powered by blists - more mailing lists