From: Emil Velikov <emil.l.velikov@xxxxxxxxx>
On mmap failure file->memory is set to -1, which we'll happily pass down
to munmap later on.
More importantly, since we do a NULL check in kmod_file_load_contents()
we will exit the function without (re)attempting the load again.
Since we ignore the return code for the load function(s), one can end up
calling kmod_elf_get_memory() and feed that -1 into init_module.
Signed-off-by: Emil Velikov <emil.l.velikov@xxxxxxxxx>
---
libkmod/libkmod-file.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libkmod/libkmod-file.c b/libkmod/libkmod-file.c
index abd4723..b408aed 100644
--- a/libkmod/libkmod-file.c
+++ b/libkmod/libkmod-file.c
@@ -392,8 +392,10 @@ static int load_reg(struct kmod_file *file)
file->size = st.st_size;
file->memory = mmap(NULL, file->size, PROT_READ, MAP_PRIVATE,
file->fd, 0);
- if (file->memory == MAP_FAILED)
+ if (file->memory == MAP_FAILED) {
+ file->memory = NULL;
return -errno;
+ }
return 0;
}
--
2.43.0
