libkmod: reset was_space on second pass
diff mbox series

Message ID 20200120192210.6370-1-lucas.de.marchi@gmail.com
State New
Headers show
Series
  • libkmod: reset was_space on second pass
Related show

Commit Message

Lucas De Marchi Jan. 20, 2020, 7:22 p.m. UTC
From: Lucas De Marchi <lucas.demarchi@intel.com>

The softdep config parser uses a 2-pass approach to use a single
allocation for all the softdep struct. However "was_space" variable
isn't reset between them. This can lead to a buffer overflow.

Reported-by: Jorge Lucangeli Obes <jorgelo@google.com>
Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com
---
 libkmod/libkmod-config.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Lucas De Marchi Jan. 27, 2020, 1:46 p.m. UTC | #1
On Mon, Jan 20, 2020 at 4:22 PM Lucas De Marchi
<lucas.de.marchi@gmail.com> wrote:
>
> From: Lucas De Marchi <lucas.demarchi@intel.com>
>
> The softdep config parser uses a 2-pass approach to use a single
> allocation for all the softdep struct. However "was_space" variable
> isn't reset between them. This can lead to a buffer overflow.
>
> Reported-by: Jorge Lucangeli Obes <jorgelo@google.com>
> Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com
> ---

Applied,

Lucas De Marchi

>  libkmod/libkmod-config.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c
> index aaac0a1..7b62367 100644
> --- a/libkmod/libkmod-config.c
> +++ b/libkmod/libkmod-config.c
> @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config,
>         n_pre = 0;
>         n_post = 0;
>         mode = S_NONE;
> +       was_space = false;
>         for (p = s = line; ; s++) {
>                 size_t plen;
>
> --
> 2.24.1
>
Jorge Lucangeli Obes Jan. 28, 2020, 3:03 p.m. UTC | #2
Thanks!

On Mon, Jan 27, 2020 at 8:46 AM Lucas De Marchi
<lucas.de.marchi@gmail.com> wrote:
>
> On Mon, Jan 20, 2020 at 4:22 PM Lucas De Marchi
> <lucas.de.marchi@gmail.com> wrote:
> >
> > From: Lucas De Marchi <lucas.demarchi@intel.com>
> >
> > The softdep config parser uses a 2-pass approach to use a single
> > allocation for all the softdep struct. However "was_space" variable
> > isn't reset between them. This can lead to a buffer overflow.
> >
> > Reported-by: Jorge Lucangeli Obes <jorgelo@google.com>
> > Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com
> > ---
>
> Applied,
>
> Lucas De Marchi
>
> >  libkmod/libkmod-config.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c
> > index aaac0a1..7b62367 100644
> > --- a/libkmod/libkmod-config.c
> > +++ b/libkmod/libkmod-config.c
> > @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config,
> >         n_pre = 0;
> >         n_post = 0;
> >         mode = S_NONE;
> > +       was_space = false;
> >         for (p = s = line; ; s++) {
> >                 size_t plen;
> >
> > --
> > 2.24.1
> >
>
>
> --
> Lucas De Marchi

Patch
diff mbox series

diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c
index aaac0a1..7b62367 100644
--- a/libkmod/libkmod-config.c
+++ b/libkmod/libkmod-config.c
@@ -335,6 +335,7 @@  static int kmod_config_add_softdep(struct kmod_config *config,
 	n_pre = 0;
 	n_post = 0;
 	mode = S_NONE;
+	was_space = false;
 	for (p = s = line; ; s++) {
 		size_t plen;