lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240411232901.2c0aaa13f790d0ef97e484cd@kernel.org>
Date: Thu, 11 Apr 2024 23:29:01 +0900
From: Masami Hiramatsu (Google) <mhiramat@...nel.org>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Yuntao Wang <ytcoode@...il.com>, linux-kernel@...r.kernel.org, Thomas
 Gleixner <tglx@...utronix.de>, Andrew Morton <akpm@...ux-foundation.org>,
 "ndesaulniers@...gle.com" <ndesaulniers@...gle.com>, Josh Poimboeuf
 <jpoimboe@...nel.org>, "Peter Zijlstra (Intel)" <peterz@...radead.org>,
 Tejun Heo <tj@...nel.org>, Christophe Leroy <christophe.leroy@...roup.eu>,
 Krister Johansen <kjlx@...pleofstupid.com>, Arnd Bergmann <arnd@...db.de>,
 Mike Rapoport <rppt@...nel.org>, Masami Hiramatsu <mhiramat@...nel.org>
Subject: Re: [PATCH] init/main.c: Fix potential static_command_line memory
 overflow

On Thu, 11 Apr 2024 09:23:47 +0200
Geert Uytterhoeven <geert@...ux-m68k.org> wrote:

> CC Hiramatsu-san
> 
> On Thu, Apr 11, 2024 at 5:25 AM Yuntao Wang <ytcoode@...il.com> wrote:
> > We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
> > static_command_line, but the strings copied into static_command_line are
> > extra_command_line and command_line, rather than extra_command_line and
> > boot_command_line.
> >
> > When strlen(command_line) > strlen(boot_command_line), static_command_line
> > will overflow.

Hi Yuntao,

OK, but this is not a good way to fix.
We should introduce "slen = strlen(command_line) + xlen + 1" and use it for
allocating static_command_line.

> >
> > Fixes: f5c7310ac73e ("init/main: add checks for the return value of memblock_alloc*()")

As Mike pointed, this is not the best commit.

Fixes: 51887d03aca1 ("bootconfig: init: Allow admin to use bootconfig for kernel command line")

Thank you,

> > Signed-off-by: Yuntao Wang <ytcoode@...il.com>
> > ---
> >  init/main.c | 8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/init/main.c b/init/main.c
> > index 2ca52474d0c3..a7b1f5f3e3b6 100644
> > --- a/init/main.c
> > +++ b/init/main.c
> > @@ -625,11 +625,13 @@ static void __init setup_command_line(char *command_line)
> >         if (extra_init_args)
> >                 ilen = strlen(extra_init_args) + 4; /* for " -- " */
> >
> > -       len = xlen + strlen(boot_command_line) + 1;
> > +       len = xlen + strlen(boot_command_line) + ilen + 1;
> >
> > -       saved_command_line = memblock_alloc(len + ilen, SMP_CACHE_BYTES);
> > +       saved_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
> >         if (!saved_command_line)
> > -               panic("%s: Failed to allocate %zu bytes\n", __func__, len + ilen);
> > +               panic("%s: Failed to allocate %zu bytes\n", __func__, len);
> > +
> > +       len = xlen + strlen(command_line) + 1;
> >
> >         static_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
> >         if (!static_command_line)
> 
> Gr{oetje,eeting}s,
> 
>                         Geert
> 
> -- 
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68korg
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
>                                 -- Linus Torvalds
> 


-- 
Masami Hiramatsu (Google) <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ