On Mon, Jan 20, 2020 at 4:22 PM Lucas De Marchi <lucas.de.marchi@xxxxxxxxx> wrote: > > From: Lucas De Marchi <lucas.demarchi@xxxxxxxxx> > > The softdep config parser uses a 2-pass approach to use a single > allocation for all the softdep struct. However "was_space" variable > isn't reset between them. This can lead to a buffer overflow. > > Reported-by: Jorge Lucangeli Obes <jorgelo@xxxxxxxxxx> > Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@xxxxxxxxxxxxxx > --- Applied, Lucas De Marchi > libkmod/libkmod-config.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c > index aaac0a1..7b62367 100644 > --- a/libkmod/libkmod-config.c > +++ b/libkmod/libkmod-config.c > @@ -335,6 +335,7 @@ static int kmod_config_add_softdep(struct kmod_config *config, > n_pre = 0; > n_post = 0; > mode = S_NONE; > + was_space = false; > for (p = s = line; ; s++) { > size_t plen; > > -- > 2.24.1 > -- Lucas De Marchi
