| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170821144651.5379-1-phil@nwl.cc>
Date: Mon, 21 Aug 2017 16:46:51 +0200
From: Phil Sutter <phil@....cc>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev@...r.kernel.org
Subject: [iproute PATCH v2] lib/bpf: Don't leak fp in bpf_find_mntpt()
If fopen() succeeded but len != PATH_MAX, the function leaks the open
FILE pointer. Fix this by checking len value before calling fopen().
Signed-off-by: Phil Sutter <phil@....cc>
Acked-by: Daniel Borkmann <daniel@...earbox.net>
---
No change since v1, just resubmitting - I forgot to add it to the
relevant patch chunk when splitting the big series up. Added Daniel's
ACK from his v1 review.
---
lib/bpf.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/bpf.c b/lib/bpf.c
index 4f52ad4a8f023..1dcb261dc915f 100644
--- a/lib/bpf.c
+++ b/lib/bpf.c
@@ -537,8 +537,11 @@ static const char *bpf_find_mntpt(const char *fstype, unsigned long magic,
}
}
+ if (len != PATH_MAX)
+ return NULL;
+
fp = fopen("/proc/mounts", "r");
- if (fp == NULL || len != PATH_MAX)
+ if (fp == NULL)
return NULL;
while (fscanf(fp, "%*s %" textify(PATH_MAX) "s %99s %*s %*d %*d\n",
--
2.13.1
Powered by blists - more mailing lists