From 5a0488049917ba2790d59108f3def16825528974 Mon Sep 17 00:00:00 2001
From: Jackie Liu
Date: Tue, 5 Jan 2021 09:45:11 +0800
Subject: [PATCH 05/13] Fix segmentation fault when ikconfig passed nonstandard values
Fix for a segmentation fault when analyzing arm64 kernels that are configured with CONFIG_IKCONFIG and have a strange entry that does not contain the delimiter "=", such as "CONFIG_SECU+[some hex data]". Without the patch, in the add_ikconfig_entry() function, strtok_r() interprets it as consisting of a single token and the val variable is set to NULL, and then strdup() crashes.
Suggested-by: Kazuhito Hagio
Signed-off-by: Jackie Liu
Signed-off-by: Lianbo Jiang
---
 kernel.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/kernel.c b/kernel.c
index e722ff941527..272e0d8751cf 100644
--- a/kernel.c
+++ b/kernel.c
@@ -10241,7 +10241,7 @@ static struct ikconfig_list {
 char *val;
 } *ikconfig_all;
-static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
+static int add_ikconfig_entry(char *line, struct ikconfig_list *ent)
 {
 char *tokptr, *name, *val;
@@ -10249,8 +10249,16 @@ static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
 sscanf(name, "CONFIG_%s", name);
 val = strtok_r(NULL, "", &tokptr);
+ if (!val) {
+ if (CRASHDEBUG(2))
+ error(WARNING, "invalid ikconfig entry: %s\n", line);
+ return FALSE;
+ }
+
 ent->name = strdup(name);
 ent->val = strdup(val);
+
+ return TRUE;
 }
 static int setup_ikconfig(char *config)
@@ -10270,8 +10278,8 @@ static int setup_ikconfig(char *config)
 ent++;
 if (STRNEQ(ent, "CONFIG_")) {
- add_ikconfig_entry(ent,
- &ikconfig_all[kt->ikconfig_ents++]);
+ if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents]))
+ kt->ikconfig_ents++;
 if (kt->ikconfig_ents == IKCONFIG_MAX) {
 error(WARNING, "ikconfig overflow.\n");
 return 1;
--
2.17.1
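Review bot: The signature in the first hunk changes from void to int, but nothing documents what the return value means or what state `ent` is left in when the entry is rejected. A short comment above the function would pin the contract for future callers, e.g. `/* Returns TRUE and fills ent; returns FALSE and leaves ent untouched when the line has no "=value" part. */`. The function body continues outside this hunk.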
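Review bot: The added `return TRUE` in the second hunk is reached even when either strdup() call fails, so a NULL `ent->name` or `ent->val` would still be stored and counted by the caller. Now that the function can report failure, check both results before returning, e.g. `if (!ent->name || !ent->val) { free(ent->name); free(ent->val); ent->name = ent->val = NULL; return FALSE; }`. Separately, the warning prints `line` with a bare `%s`, and per the commit message the malformed entry comes from the dump being analysed and may contain non-printable bytes, so escaping them before logging would be safer. By that point the buffer has probably also been rewritten in place by `sscanf(name, "CONFIG_%s", name)`, whose overlapping source and destination are undefined behaviour; this assumes name points into line, since the strtok_r assignment is outside the hunk. The function starts outside this hunk.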
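Review bot: In the third hunk the overflow test `kt->ikconfig_ents == IKCONFIG_MAX` now runs for every CONFIG_ line, including ones that were just rejected, and it is the only bound on the index used for `ikconfig_all[...]`, which is filled from dump-derived data. Tying the test to the increment makes that relationship explicit: `if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents]) && ++kt->ikconfig_ents >= IKCONFIG_MAX) {`. Using `>=` means a later change to the counting cannot step past the end of the array. The allocation size of ikconfig_all is not visible here and should be confirmed to be IKCONFIG_MAX entries. setup_ikconfig's body starts and ends outside the hunk.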