| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250409150330.1238768-1-23110240084@m.fudan.edu.cn>
Date: Wed, 9 Apr 2025 23:03:30 +0800
From: ZiAo Li <23110240084@...udan.edu.cn>
To: netdev@...r.kernel.org
Cc: stephen@...workplumber.org,
ZiAo Li <23110240084@...udan.edu.cn>
Subject: [PATCH iproute2] nstat: NULL Dereference when no entries specified
The NULL Pointer Dereference vulnerability happens in load_ugly_table(), misc/nstat.c, in the latest version of iproute2.
The vulnerability can be triggered by:
1. db is set to NULL at struct nstat_ent *db = NULL;
2. n is set to NULL at n = db;
3. NULL dereference of variable n happens at sscanf(p+1, "%llu", &n->val) != 1
Signed-off-by: ZiAo Li <23110240084@...udan.edu.cn>
---
misc/nstat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/misc/nstat.c b/misc/nstat.c
index fce3e9c1..b2e19bde 100644
--- a/misc/nstat.c
+++ b/misc/nstat.c
@@ -218,6 +218,10 @@ static void load_ugly_table(FILE *fp)
p = next;
}
n = db;
+ if (n == NULL) {
+ fprintf(stderr, "Error: Invalid input – line has ':' but no entries. Add values after ':'.\n");
+ exit(-2);
+ }
nread = getline(&buf, &buflen, fp);
if (nread == -1) {
fprintf(stderr, "%s:%d: error parsing history file\n",
--
2.34.1
Powered by blists - more mailing lists