| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241216042752.257090-2-leocstone@gmail.com>
Date: Sun, 15 Dec 2024 20:27:51 -0800
From: Leo Stone <leocstone@...il.com>
To: syzbot+8a3da2f1bbf59227c289@...kaller.appspotmail.com
Cc: Leo Stone <leocstone@...il.com>,
akpm@...ux-foundation.org,
linux-kernel@...r.kernel.org,
linux-mm@...ck.org,
syzkaller-bugs@...glegroups.com
Subject: [PATCH] mm: huge_memory: Handle strsep not finding delimiter
split_huge_pages_write does not handle the case where strsep finds no
delimiter in the given string and sets the input buffer to NULL,
which allows this reproducer to trigger a protection fault.
Reported-by: syzbot+8a3da2f1bbf59227c289@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8a3da2f1bbf59227c289
Signed-off-by: Leo Stone <leocstone@...il.com>
---
mm/huge_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index ee335d96fc39..361319f749f0 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -4168,7 +4168,7 @@ static ssize_t split_huge_pages_write(struct file *file, const char __user *buf,
size_t input_len = strlen(input_buf);
tok = strsep(&buf, ",");
- if (tok) {
+ if (tok && buf) {
strscpy(file_path, tok);
} else {
ret = -EINVAL;
--
2.43.0
Powered by blists - more mailing lists