| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 May 2024 12:20:03 +0800
From: Zijun Hu <quic_zijuhu@...cinc.com>
To: <gregkh@...uxfoundation.org>, <rafael@...nel.org>,
<akpm@...ux-foundation.org>, <dmitry.torokhov@...il.com>
CC: <linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>,
Zijun Hu
<quic_zijuhu@...cinc.com>
Subject: [PATCH] kobject_uevent: Fix OOB access within zap_modalias_env()
zap_modalias_env() wrongly calculates size of memory block
to move, so maybe cause OOB memory access issue, fixed by
correcting size to memmove.
Fixes: 9b3fa47d4a76 ("kobject: fix suppressing modalias in uevents delivered over netlink")
Cc: stable@...r.kernel.org
Signed-off-by: Zijun Hu <quic_zijuhu@...cinc.com>
---
lib/kobject_uevent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
index 03b427e2707e..f153b4f9d4d9 100644
--- a/lib/kobject_uevent.c
+++ b/lib/kobject_uevent.c
@@ -434,7 +434,7 @@ static void zap_modalias_env(struct kobj_uevent_env *env)
if (i != env->envp_idx - 1) {
memmove(env->envp[i], env->envp[i + 1],
- env->buflen - len);
+ env->buf + env->buflen - env->envp[i + 1]);
for (j = i; j < env->envp_idx - 1; j++)
env->envp[j] = env->envp[j + 1] - len;
--
2.7.4
Powered by blists - more mailing lists