On Wed, Jul 13, 2022 at 11:20:47AM +0200, Ahmad Fatoum wrote:
> When building barebox with ubifs support, but without decompressors
> enabled, we run into a NULL pointer dereference:
>
> BUG: failure at lib/string.c:249/strncmp()!
> BUG!
> [<4fd8ea59>] (unwind_backtrace+0x1/0x78) from [<4fd014e5>] (panic+0x1d/0x34)
> [<4fd014e5>] (panic+0x1d/0x34) from [<4fd65ed1>] (strncmp+0x2d/0x50)
> [<4fd65ed1>] (strncmp+0x2d/0x50) from [<4fd784bb>] (compr_init+0x4b/0x70)
> [<4fd784bb>] (compr_init+0x4b/0x70) from [<4fd78915>] (ubifs_compressors_init+0x15/0x40)
> [<4fd78915>] (ubifs_compressors_init+0x15/0x40) from [<4fd78e89>] (ubifs_init+0x2d/0x48)
> [<4fd78e89>] (ubifs_init+0x2d/0x48) from [<4fd01159>] (start_barebox+0x35/0x6c)
> [<4fd01159>] (start_barebox+0x35/0x6c) from [<4fd8c9f3>] (barebox_non_pbl_start+0x127/0x170)
> [<4fd8c9f3>] (barebox_non_pbl_start+0x127/0x170) from [<4fd00005>] (__bare_init_start+0x1/0xc)
>
> This is because the loop in crypto_alloc_comp iterates over all possible
> decompressors and then accesses comp->capi_name, which will be NULL for
> unusable decompressors. Add a NULL check to handle this gracefully.
> A check for alg_name isn't needed because it's already checked in
> compr_init.
>
> Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> ---
> fs/ubifs/ubifs.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)

Applied, thanks

Sascha

>
> diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c > index e7b434c1960e..0b4f3de773e7 100644 > --- a/fs/ubifs/ubifs.c > +++ b/fs/ubifs/ubifs.c
> @@ -125,7 +125,8 @@ static inline struct crypto_comp > i++; > continue; > } > - if (strncmp(alg_name, comp->capi_name, strlen(alg_name)) == 0) { > + if (comp->capi_name && > + strncmp(alg_name, comp->capi_name, strlen(alg_name)) == 0) { > ptr->compressor = i; > return ptr; > } > -- > 2.30.2 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
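
Review bot: the added `comp->capi_name &&` guard in the name-matching `if` carries no comment saying why an entry can have a NULL name, so a later reader could take it for dead code and drop it; a one-line comment above the check, noting that unusable decompressors leave capi_name NULL, would keep the reason next to the code. Separately, the comparison it guards is `strncmp(alg_name, comp->capi_name, strlen(alg_name))`, a prefix match bounded by the length of the requested name, so a requested name that is a prefix of another entry's name matches whichever entry the loop reaches first; now that capi_name is checked here and alg_name is stated to be checked in compr_init, `strcmp` would make the match exact.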