* [PATCH] target: fix a missing check for match_int
@ 2018-12-26 6:48 Kangjie Lu
2019-01-11 20:06 ` Mike Christie
0 siblings, 1 reply; 4+ messages in thread
From: Kangjie Lu @ 2018-12-26 6:48 UTC (permalink / raw)
To: kjlu
Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel
When match_int fails, "arg" is left uninitialized and may contain random
value, thus should not be used.
The fix checks if match_int fails, and if so, break.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
drivers/target/target_core_rd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
index a6e8106abd6f..3138123143e8 100644
--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -573,7 +573,8 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
token = match_token(ptr, tokens, args);
switch (token) {
case Opt_rd_pages:
- match_int(args, &arg);
+ if (match_int(args, &arg))
+ break;
rd_dev->rd_page_count = arg;
pr_debug("RAMDISK: Referencing Page"
" Count: %u\n", rd_dev->rd_page_count);
--
2.17.2 (Apple Git-113)
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] target: fix a missing check for match_int
2018-12-26 6:48 [PATCH] target: fix a missing check for match_int Kangjie Lu
@ 2019-01-11 20:06 ` Mike Christie
2019-01-12 5:31 ` [PATCH v2] target: fix a missing check of match_int Kangjie Lu
0 siblings, 1 reply; 4+ messages in thread
From: Mike Christie @ 2019-01-11 20:06 UTC (permalink / raw)
To: Kangjie Lu
Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel
On 12/26/2018 12:48 AM, Kangjie Lu wrote:
> When match_int fails, "arg" is left uninitialized and may contain random
> value, thus should not be used.
> The fix checks if match_int fails, and if so, break.
>
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
> drivers/target/target_core_rd.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
> index a6e8106abd6f..3138123143e8 100644
> --- a/drivers/target/target_core_rd.c
> +++ b/drivers/target/target_core_rd.c
> @@ -573,7 +573,8 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
> token = match_token(ptr, tokens, args);
> switch (token) {
> case Opt_rd_pages:
> - match_int(args, &arg);
> + if (match_int(args, &arg))
> + break;
I think if this fails you would want to return an error.
Also, I think you want to add a similar check for the Opt_rd_nullio call
below this chunk because arg may initialized to junk.
> rd_dev->rd_page_count = arg;
> pr_debug("RAMDISK: Referencing Page"
> " Count: %u\n", rd_dev->rd_page_count);
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2] target: fix a missing check of match_int
2019-01-11 20:06 ` Mike Christie
@ 2019-01-12 5:31 ` Kangjie Lu
2019-01-19 19:06 ` Mike Christie
0 siblings, 1 reply; 4+ messages in thread
From: Kangjie Lu @ 2019-01-12 5:31 UTC (permalink / raw)
To: kjlu
Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel
When match_int fails, "arg" is left uninitialized and may contain random
value, thus should not be used.
The fix checks if match_int fails, and if so, returns its error code.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
drivers/target/target_core_rd.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
index a6e8106abd6f..3b7657b2f2f1 100644
--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -559,6 +559,7 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
char *orig, *ptr, *opts;
substring_t args[MAX_OPT_ARGS];
int arg, token;
+ int ret;
opts = kstrdup(page, GFP_KERNEL);
if (!opts)
@@ -573,14 +574,24 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
token = match_token(ptr, tokens, args);
switch (token) {
case Opt_rd_pages:
- match_int(args, &arg);
+ ret = match_int(args, &arg);
+ if (ret) {
+ kfree(orig);
+ return ret;
+ }
+
rd_dev->rd_page_count = arg;
pr_debug("RAMDISK: Referencing Page"
" Count: %u\n", rd_dev->rd_page_count);
rd_dev->rd_flags |= RDF_HAS_PAGE_COUNT;
break;
case Opt_rd_nullio:
- match_int(args, &arg);
+ ret = match_int(args, &arg);
+ if (ret) {
+ kfree(orig);
+ return ret;
+ }
+
if (arg != 1)
break;
--
2.17.2 (Apple Git-113)
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] target: fix a missing check of match_int
2019-01-12 5:31 ` [PATCH v2] target: fix a missing check of match_int Kangjie Lu
@ 2019-01-19 19:06 ` Mike Christie
0 siblings, 0 replies; 4+ messages in thread
From: Mike Christie @ 2019-01-19 19:06 UTC (permalink / raw)
To: Kangjie Lu
Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel
On 01/11/2019 11:31 PM, Kangjie Lu wrote:
> When match_int fails, "arg" is left uninitialized and may contain random
> value, thus should not be used.
> The fix checks if match_int fails, and if so, returns its error code.
>
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
> drivers/target/target_core_rd.c | 15 +++++++++++++--
> 1 file changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
> index a6e8106abd6f..3b7657b2f2f1 100644
> --- a/drivers/target/target_core_rd.c
> +++ b/drivers/target/target_core_rd.c
> @@ -559,6 +559,7 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
> char *orig, *ptr, *opts;
> substring_t args[MAX_OPT_ARGS];
> int arg, token;
> + int ret;
>
> opts = kstrdup(page, GFP_KERNEL);
> if (!opts)
> @@ -573,14 +574,24 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
> token = match_token(ptr, tokens, args);
> switch (token) {
> case Opt_rd_pages:
> - match_int(args, &arg);
> + ret = match_int(args, &arg);
> + if (ret) {
> + kfree(orig);
> + return ret;
Just set ret to the return value and then break, so all the error and
success paths are going through the same code path.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-01-19 19:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-26 6:48 [PATCH] target: fix a missing check for match_int Kangjie Lu
2019-01-11 20:06 ` Mike Christie
2019-01-12 5:31 ` [PATCH v2] target: fix a missing check of match_int Kangjie Lu
2019-01-19 19:06 ` Mike Christie
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).