[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure If a zero length pattern is passed then return EINVAL. Avoids infinite loops (bm) or invalid memory accesses (kmp). Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> --- commit d3161d25f17eca4f57ea85485f453a6209d0c919 tree d1ea696ac2fc68cd79d43975e5d56940c04a2342 parent 7f6c4730c53415caee7cb0ed4c1adad48de3bb07 author Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Fri, 30 Nov 2007 00:54:50 +0100 committer Patrick McHardy <kaber@xxxxxxxxx> Fri, 30 Nov 2007 00:54:50 +0100 lib/textsearch.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/textsearch.c b/lib/textsearch.c index 88c98a2..be8bda3 100644 --- a/lib/textsearch.c +++ b/lib/textsearch.c @@ -7,7 +7,7 @@ * 2 of the License, or (at your option) any later version. * * Authors: Thomas Graf <tgraf@xxxxxxx> - * Pablo Neira Ayuso <pablo@xxxxxxxxxxx> + * Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> * * ========================================================================== * @@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(struct ts_config *conf, * the various search algorithms. * * Returns a new textsearch configuration according to the specified - * parameters or a ERR_PTR(). + * parameters or a ERR_PTR(). If a zero length pattern is passed, this + * function returns EINVAL. */ struct ts_config *textsearch_prepare(const char *algo, const void *pattern, unsigned int len, gfp_t gfp_mask, int flags) @@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(const char *algo, const void *pattern, struct ts_config *conf; struct ts_ops *ops; + if (len == 0) + return ERR_PTR(-EINVAL); + ops = lookup_ts_algo(algo); #ifdef CONFIG_KMOD /* - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html