| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241007164648.20926-1-richard120310@gmail.com> Date: Tue, 8 Oct 2024 00:46:48 +0800 From: I Hsin Cheng <richard120310@...il.com> To: martin.lau@...ux.dev Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org, linux-kernel@...r.kernel.org, I Hsin Cheng <richard120310@...il.com> Subject: [PATCH] libbpf: Fix integer overflow issue Fix integer overflow issue discovered by coverity scan, where "bpf_program_fd()" might return a value less than zero. Assignment of "prog_fd" to "kern_data" will result in integer overflow in that case. Do a pre-check after the program fd is returned, if it's negative we should ignore this program and move on, or maybe add some error handling mechanism here. Signed-off-by: I Hsin Cheng <richard120310@...il.com> --- tools/lib/bpf/libbpf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index a3be6f8fac09..95fb5e48e79e 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -8458,6 +8458,9 @@ static void bpf_map_prepare_vdata(const struct bpf_map *map) continue; prog_fd = bpf_program__fd(prog); + if (prog_fd < 0) + continue; + kern_data = st_ops->kern_vdata + st_ops->kern_func_off[i]; *(unsigned long *)kern_data = prog_fd; } -- 2.43.0
Powered by blists - more mailing lists