3.6.11.5 stable review patch.
If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@xxxxxxxxxx>
[ Upstream commit 264b83c07a84223f0efd0d1db9ccc66d6f88288f ]
argv_split(empty_or_all_spaces) happily succeeds, it simply returns
argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to
check sub_info->path != NULL to avoid the crash.
This is the minimal fix, todo:
- perhaps we should change argv_split() to return NULL or change the
callers.
- kill or justify ->path[0] check
- narrow the scope of helper_lock()
Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
Acked-By: Lucas De Marchi <lucas.demarchi@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
---
kernel/kmod.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 6f99aea..122a299 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -558,6 +558,11 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
int retval = 0;
helper_lock();
+ if (!sub_info->path) {
+ retval = -EINVAL;
+ goto out;
+ }
+
if (sub_info->path[0] == '\0')
goto out;
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html