Fix issues discovered by static analysis
Applu 4 patches that fix various minor issues: - v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo" - v31~29 "libkmod: do not crash on unknown signature algorithm" - v31~18 "libkmod: error out on unknown hash algorithm" - v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string" * 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch: New file. * 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch: Likewise. * 0001-libkmod-error-out-on-unknown-hash-algorithm.patch: Likewise. * 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch: Likewise. * kmod.spec (Release): Bump to 10. (Patch02, Patch03, Patch04, Patch05): New patches. (%changelog): New record. Resolves: RHEL-34073 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
This commit is contained in:
parent
36aca425e7
commit
62e12e062c
@ -0,0 +1,44 @@
|
|||||||
|
From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromiatnikov <esyr@redhat.com>
|
||||||
|
Date: Tue, 13 Aug 2024 16:17:27 +0200
|
||||||
|
Subject: [PATCH] libkmod: avoid undefined behaviour in
|
||||||
|
libkmod-builtin.c:get_string
|
||||||
|
|
||||||
|
Static analysis has reported a potential UB:
|
||||||
|
|
||||||
|
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
|
||||||
|
# 123| size_t linesz = 0;
|
||||||
|
# 124|
|
||||||
|
# 125|-> while (!nullp) {
|
||||||
|
# 126| char buf[BUFSIZ];
|
||||||
|
# 127| ssize_t sz;
|
||||||
|
|
||||||
|
It seems to be indeed an UB, as nullp is getting assined an address
|
||||||
|
inside object buf, which has a lifetime of the while loop body,
|
||||||
|
and is not available outside of it (specifically, in the while
|
||||||
|
condition, where nullp is checked for NULL). Fix it by putting
|
||||||
|
buf definition in the outer block.
|
||||||
|
---
|
||||||
|
libkmod/libkmod-builtin.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
|
||||||
|
index fd0f549..40a7d61 100644
|
||||||
|
--- a/libkmod/libkmod-builtin.c
|
||||||
|
+++ b/libkmod/libkmod-builtin.c
|
||||||
|
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
|
||||||
|
char **line, size_t *size)
|
||||||
|
{
|
||||||
|
int sv_errno;
|
||||||
|
+ char buf[BUFSIZ];
|
||||||
|
char *nullp = NULL;
|
||||||
|
size_t linesz = 0;
|
||||||
|
|
||||||
|
while (!nullp) {
|
||||||
|
- char buf[BUFSIZ];
|
||||||
|
ssize_t sz;
|
||||||
|
size_t partsz;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
@ -0,0 +1,38 @@
|
|||||||
|
From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
|
||||||
|
Date: Sun, 25 Sep 2022 17:46:08 +0300
|
||||||
|
Subject: [PATCH] libkmod: do not crash on unknown signature algorithm
|
||||||
|
|
||||||
|
Example kernel module:
|
||||||
|
https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
|
||||||
|
(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
|
||||||
|
It is signed with Streebog 512.
|
||||||
|
|
||||||
|
libkmod v30 crashed in libkmod-module.c:2413 in this code:
|
||||||
|
|
||||||
|
n = kmod_module_info_append(list,
|
||||||
|
"sig_hashalgo", strlen("sig_hashalgo"),
|
||||||
|
sig_info.hash_algo, strlen(sig_info.hash_algo));
|
||||||
|
|
||||||
|
because strlen() got null.
|
||||||
|
---
|
||||||
|
libkmod/libkmod-signature.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||||
|
index 4ae5af6..092f396 100644
|
||||||
|
--- a/libkmod/libkmod-signature.c
|
||||||
|
+++ b/libkmod/libkmod-signature.c
|
||||||
|
@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||||
|
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||||
|
|
||||||
|
sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
|
||||||
|
+ // hash algo has not been recognized
|
||||||
|
+ if (sig_info->hash_algo == NULL)
|
||||||
|
+ goto err3;
|
||||||
|
sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||||
|
|
||||||
|
pvt = malloc(sizeof(*pvt));
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
44
0001-libkmod-error-out-on-unknown-hash-algorithm.patch
Normal file
44
0001-libkmod-error-out-on-unknown-hash-algorithm.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Emil Velikov <emil.velikov@collabora.com>
|
||||||
|
Date: Mon, 6 Feb 2023 14:32:59 +0000
|
||||||
|
Subject: [PATCH] libkmod: error out on unknown hash algorithm
|
||||||
|
|
||||||
|
Currently if we see unknown algorithm, we'll do an OOB read in
|
||||||
|
pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
|
||||||
|
the kernel module uses a SM3 hash.
|
||||||
|
|
||||||
|
Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
|
||||||
|
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
|
||||||
|
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
|
||||||
|
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||||
|
---
|
||||||
|
libkmod/libkmod-signature.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||||
|
index 092f396..b749a81 100644
|
||||||
|
--- a/libkmod/libkmod-signature.c
|
||||||
|
+++ b/libkmod/libkmod-signature.c
|
||||||
|
@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||||
|
unsigned char *key_id_str;
|
||||||
|
struct pkcs7_private *pvt;
|
||||||
|
const char *issuer_str;
|
||||||
|
+ int hash_algo;
|
||||||
|
|
||||||
|
size -= sig_len;
|
||||||
|
pkcs7_raw = mem + size;
|
||||||
|
@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||||
|
|
||||||
|
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||||
|
|
||||||
|
- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
|
||||||
|
+ hash_algo = obj_to_hash_algo(o);
|
||||||
|
+ if (hash_algo < 0)
|
||||||
|
+ goto err3;
|
||||||
|
+ sig_info->hash_algo = pkey_hash_algo[hash_algo];
|
||||||
|
// hash algo has not been recognized
|
||||||
|
if (sig_info->hash_algo == NULL)
|
||||||
|
goto err3;
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
@ -0,0 +1,29 @@
|
|||||||
|
From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Seung-Woo Kim <sw0312.kim@samsung.com>
|
||||||
|
Date: Tue, 13 Apr 2021 20:23:14 +0900
|
||||||
|
Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo
|
||||||
|
|
||||||
|
Fix a possbile overflow with exact PATH_MAX length modname
|
||||||
|
in wrong modules.builtin.modinfo.
|
||||||
|
|
||||||
|
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
||||||
|
---
|
||||||
|
libkmod/libkmod-builtin.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
|
||||||
|
index fc9a376..a75a542 100644
|
||||||
|
--- a/libkmod/libkmod-builtin.c
|
||||||
|
+++ b/libkmod/libkmod-builtin.c
|
||||||
|
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
|
||||||
|
|
||||||
|
len = dot - line;
|
||||||
|
|
||||||
|
- if (len > PATH_MAX) {
|
||||||
|
+ if (len >= PATH_MAX) {
|
||||||
|
sv_errno = ENAMETOOLONG;
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
14
kmod.spec
14
kmod.spec
@ -1,6 +1,6 @@
|
|||||||
Name: kmod
|
Name: kmod
|
||||||
Version: 28
|
Version: 28
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
Summary: Linux kernel module management utilities
|
Summary: Linux kernel module management utilities
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
@ -11,6 +11,14 @@ Source2: depmod.conf.dist
|
|||||||
Exclusiveos: Linux
|
Exclusiveos: Linux
|
||||||
|
|
||||||
Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch
|
Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch
|
||||||
|
# v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo"
|
||||||
|
Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch
|
||||||
|
# v31~29 "libkmod: do not crash on unknown signature algorithm"
|
||||||
|
Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
|
||||||
|
# v31~18 "libkmod: error out on unknown hash algorithm"
|
||||||
|
Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch
|
||||||
|
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
|
||||||
|
Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: chrpath
|
BuildRequires: chrpath
|
||||||
@ -111,6 +119,10 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
|||||||
%{_libdir}/libkmod.so
|
%{_libdir}/libkmod.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 28-10
|
||||||
|
- Fix issues discovered by static analysis
|
||||||
|
- Resolves: RHEL-34073
|
||||||
|
|
||||||
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
|
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
|
||||||
- Add symvers.xz support to weak-modules
|
- Add symvers.xz support to weak-modules
|
||||||
- Resolves: rhbz#2192895
|
- Resolves: rhbz#2192895
|
||||||
|
Loading…
Reference in New Issue
Block a user