crash/0005-Fix-segmentation-fault...

From 5a0488049917ba2790d59108f3def16825528974 Mon Sep 17 00:00:00 2001
From: Jackie Liu <liuyun01@kylinos.cn>
Date: Tue, 5 Jan 2021 09:45:11 +0800
Subject: [PATCH 05/13] Fix segmentation fault when ikconfig passed nonstandard
 values

Fix for a segmentation fault when analyzing arm64 kernels that are
configured with CONFIG_IKCONFIG and have a strange entry that does
not contain the delimiter "=", such as "CONFIG_SECU+[some hex data]".

Without the patch, in the add_ikconfig_entry() function, strtok_r()
interprets it as consisting of a single token and the val variable
is set to NULL, and then strdup() crashes.

Suggested-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
 kernel.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/kernel.c b/kernel.c
index e722ff941527..272e0d8751cf 100644
--- a/kernel.c
+++ b/kernel.c
@@ -10241,7 +10241,7 @@ static struct ikconfig_list {
 	char *val;
 } *ikconfig_all;

-static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
+static int add_ikconfig_entry(char *line, struct ikconfig_list *ent)
 {
 	char *tokptr, *name, *val;

@@ -10249,8 +10249,16 @@ static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
 	sscanf(name, "CONFIG_%s", name);
 	val = strtok_r(NULL, "", &tokptr);

+	if (!val) {
+		if (CRASHDEBUG(2))
+			error(WARNING, "invalid ikconfig entry: %s\n", line);
+		return FALSE;
+	}
+
 	ent->name = strdup(name);
 	ent->val = strdup(val);
+
+	return TRUE;
 }

 static int setup_ikconfig(char *config)
@@ -10270,8 +10278,8 @@ static int setup_ikconfig(char *config)
 			ent++;

 		if (STRNEQ(ent, "CONFIG_")) {
-			add_ikconfig_entry(ent,
-					 &ikconfig_all[kt->ikconfig_ents++]);
+			if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents]))
+				kt->ikconfig_ents++;
 			if (kt->ikconfig_ents == IKCONFIG_MAX) {
 				error(WARNING, "ikconfig overflow.\n");
 				return 1;
--
2.17.1