Re: [PATCH v2] Fixed the segment fault when ikconfig passed nonstandard values

On 2021/1/5 at 4:36 PM, HAGIO KAZUHITO(萩尾 一仁) wrote:
Hi Jackie,

-----Original Message-----
From: Jackie Liu <liuyun01@xxxxxxxxxx>

Some strange reasons may cause kcore to collect some strange
entries of ikconfig, such as CONFIG_SECU+[some hex data] causes
the 'val' to be NULL, and then crashes when strdup.

CONFIG_SECU+[some hex data] to be **strings that don't
contain the delimiter string '='** and then strtok_r() interprets
it as consisting of a single token, hence val resulting in having NULL.
Thanks for the update, I will modify the commit message a bit more
as follows, I think you use arm64 kernels:

Aha, 100% correct. It's an arm64 platform on HiSilicon hi1620.

---
Fix for a segmentation fault when analyzing arm64 kernels that are
configured with CONFIG_IKCONFIG and have a strange entry that does
not contain the delimiter "=", such as "CONFIG_SECU+[some hex data]".

Without the patch, in the add_ikconfig_entry() function, strtok_r()
interprets it as consisting of a single token and the val variable
is set to NULL, and then strdup() crashes.
---

and
Acked-by: Kazuhito Hagio <k-hagio-ab@xxxxxxx>

Please wait for another ack.

Sure. thanks. Jackie.


Thanks,
Kazu

[d.hatayama@xxxxxxxxxxx: rewrite comment]
Suggested-by: HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab@xxxxxxx>
Signed-off-by: Jackie Liu <liuyun01@xxxxxxxxxx>
---
  kernel.c | 14 +++++++++++---
  1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/kernel.c b/kernel.c
index 9871637..c8182a6 100644
--- a/kernel.c
+++ b/kernel.c
@@ -10236,7 +10236,7 @@ static struct ikconfig_list {
  	char *val;
  } *ikconfig_all;

-static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
+static int add_ikconfig_entry(char *line, struct ikconfig_list *ent)
  {
  	char *tokptr, *name, *val;

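Review bot: the signature change from void to int on add_ikconfig_entry() has no comment stating what the return value means. A one-line comment above the function saying it returns TRUE when the entry was stored and FALSE when the line was rejected would make the caller's new conditional increment easier to follow.
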
@@ -10244,8 +10244,16 @@ static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
  	sscanf(name, "CONFIG_%s", name);
  	val = strtok_r(NULL, "", &tokptr);

+	if (!val) {
+		if (CRASHDEBUG(2))
+			error(WARNING, "invalid ikconfig entry: %s\n", line);
+		return FALSE;
+	}
+
  	ent->name = strdup(name);
  	ent->val = strdup(val);
+
+	return TRUE;
  }

  static int setup_ikconfig(char *config)
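Review bot: the two strdup() calls that follow the new !val check are still unchecked, so add_ikconfig_entry() can return TRUE with ent->name or ent->val set to NULL if an allocation fails, and the caller will then count that entry. Consider testing both results and returning FALSE on failure, freeing whichever one succeeded. Separately, the warning is only emitted under CRASHDEBUG(2), so by default a rejected entry is dropped silently, and it prints line after sscanf() has written through name, so if name points into line the message may not show the original entry text.
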
@@ -10265,8 +10273,8 @@ static int setup_ikconfig(char *config)
  			ent++;

  		if (STRNEQ(ent, "CONFIG_")) {
-			add_ikconfig_entry(ent,
-					 &ikconfig_all[kt->ikconfig_ents++]);
+			if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents]))
+				kt->ikconfig_ents++;
  			if (kt->ikconfig_ents == IKCONFIG_MAX) {
  				error(WARNING, "ikconfig overflow.\n");
  				return 1;
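Review bot: the IKCONFIG_MAX test still runs for every CONFIG_ line, including ones add_ikconfig_entry() rejected, where kt->ikconfig_ents has not changed. Moving it inside the body of the new if would tie the overflow check to the increment it guards. The new if line is also longer than 80 columns at this indentation and could be wrapped the way the removed call was.
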
--
2.17.1





--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility
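
As an added example (not code from the patch or from crash itself), a stand-alone C parser showing the failure mode discussed in this thread: strtok_r() returns NULL for the value when a line has no "=", and also for "CONFIG_X=" with nothing after it. The names cfg_entry, parse_cfg_line and count_valid are hypothetical, and the sample lines are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for crash's struct ikconfig_list. */
struct cfg_entry { char *name; char *val; };

/* Parse "CONFIG_NAME=value" into ent. Returns 1 on success, 0 on a
 * malformed line or allocation failure (ent is then left all-NULL). */
static int parse_cfg_line(const char *line, struct cfg_entry *ent)
{
	char *copy, *tokptr, *name, *val;
	int ok = 0;

	ent->name = ent->val = NULL;
	if (strncmp(line, "CONFIG_", 7) != 0 || !(copy = strdup(line)))
		return 0;
	name = strtok_r(copy, "=", &tokptr);
	/* NULL when there is no '=' or nothing follows it */
	val = name ? strtok_r(NULL, "", &tokptr) : NULL;
	if (val) {
		ent->name = strdup(name + 7);	/* skip "CONFIG_", no in-place sscanf */
		ent->val = strdup(val);
		ok = ent->name && ent->val;
		if (!ok) {			/* never hand back a half-filled entry */
			free(ent->name);
			free(ent->val);
			ent->name = ent->val = NULL;
		}
	}
	free(copy);
	return ok;
}

/* Run the parser over constructed sample lines; returns how many pass. */
static int count_valid(void)
{
	static const char *lines[] = {
		"CONFIG_ARM64=y",
		"CONFIG_SECU\x01\x02\x7f",	/* constructed: no '=' */
		"CONFIG_EMPTY=",		/* constructed: empty value */
		"CONFIG_LOCALVERSION=\"-test\"",
	};
	struct cfg_entry e;
	size_t i; int n = 0;
	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		if (parse_cfg_line(lines[i], &e)) { n++; free(e.name); free(e.val); }
	return n;
}
int main(void) { printf("%d valid\n", count_valid()); return 0; }
```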