From: Lucas De Marchi <lucas.demarchi@xxxxxxxxx> The softdep config parser uses a 2-pass approach to use a single allocation for all the softdep struct. However "was_space" variable isn't reset between them. This can lead to a buffer overflow. Reported-by: Jorge Lucangeli Obes <jorgelo@xxxxxxxxxx> Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@xxxxxxxxxxxxxx --- libkmod/libkmod-config.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c index aaac0a1..7b62367 100644 --- a/libkmod/libkmod-config.c +++ b/libkmod/libkmod-config.c @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config, n_pre = 0; n_post = 0; mode = S_NONE; + was_space = false; for (p = s = line; ; s++) { size_t plen; -- 2.24.1
