linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] target: fix a missing check for match_int
@ 2018-12-26  6:48 Kangjie Lu
  2019-01-11 20:06 ` Mike Christie
  0 siblings, 1 reply; 4+ messages in thread
From: Kangjie Lu @ 2018-12-26  6:48 UTC (permalink / raw)
  To: kjlu
  Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel

When match_int fails, "arg" is left uninitialized and may contain random
value, thus should not be used.
The fix checks if match_int fails, and if so, break.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
 drivers/target/target_core_rd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
index a6e8106abd6f..3138123143e8 100644
--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -573,7 +573,8 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
 		token = match_token(ptr, tokens, args);
 		switch (token) {
 		case Opt_rd_pages:
-			match_int(args, &arg);
+			if (match_int(args, &arg))
+				break;
 			rd_dev->rd_page_count = arg;
 			pr_debug("RAMDISK: Referencing Page"
 				" Count: %u\n", rd_dev->rd_page_count);
-- 
2.17.2 (Apple Git-113)


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] target: fix a missing check for match_int
  2018-12-26  6:48 [PATCH] target: fix a missing check for match_int Kangjie Lu
@ 2019-01-11 20:06 ` Mike Christie
  2019-01-12  5:31   ` [PATCH v2] target: fix a missing check of match_int Kangjie Lu
  0 siblings, 1 reply; 4+ messages in thread
From: Mike Christie @ 2019-01-11 20:06 UTC (permalink / raw)
  To: Kangjie Lu
  Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel

On 12/26/2018 12:48 AM, Kangjie Lu wrote:
> When match_int fails, "arg" is left uninitialized and may contain random
> value, thus should not be used.
> The fix checks if match_int fails, and if so, break.
> 
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
>  drivers/target/target_core_rd.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
> index a6e8106abd6f..3138123143e8 100644
> --- a/drivers/target/target_core_rd.c
> +++ b/drivers/target/target_core_rd.c
> @@ -573,7 +573,8 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
>  		token = match_token(ptr, tokens, args);
>  		switch (token) {
>  		case Opt_rd_pages:
> -			match_int(args, &arg);
> +			if (match_int(args, &arg))
> +				break;

I think if this fails you would want to return an error.

Also, I think you want to add a similar check for the Opt_rd_nullio call
below this chunk because arg may initialized to junk.


>  			rd_dev->rd_page_count = arg;
>  			pr_debug("RAMDISK: Referencing Page"
>  				" Count: %u\n", rd_dev->rd_page_count);
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH v2] target: fix a missing check of match_int
  2019-01-11 20:06 ` Mike Christie
@ 2019-01-12  5:31   ` Kangjie Lu
  2019-01-19 19:06     ` Mike Christie
  0 siblings, 1 reply; 4+ messages in thread
From: Kangjie Lu @ 2019-01-12  5:31 UTC (permalink / raw)
  To: kjlu
  Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel

When match_int fails, "arg" is left uninitialized and may contain random
value, thus should not be used.
The fix checks if match_int fails, and if so, returns its error code.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
 drivers/target/target_core_rd.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
index a6e8106abd6f..3b7657b2f2f1 100644
--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -559,6 +559,7 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
 	char *orig, *ptr, *opts;
 	substring_t args[MAX_OPT_ARGS];
 	int arg, token;
+	int ret;
 
 	opts = kstrdup(page, GFP_KERNEL);
 	if (!opts)
@@ -573,14 +574,24 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
 		token = match_token(ptr, tokens, args);
 		switch (token) {
 		case Opt_rd_pages:
-			match_int(args, &arg);
+			ret = match_int(args, &arg);
+			if (ret) {
+				kfree(orig);
+				return ret;
+			}
+
 			rd_dev->rd_page_count = arg;
 			pr_debug("RAMDISK: Referencing Page"
 				" Count: %u\n", rd_dev->rd_page_count);
 			rd_dev->rd_flags |= RDF_HAS_PAGE_COUNT;
 			break;
 		case Opt_rd_nullio:
-			match_int(args, &arg);
+			ret = match_int(args, &arg);
+			if (ret) {
+				kfree(orig);
+				return ret;
+			}
+
 			if (arg != 1)
 				break;
 
-- 
2.17.2 (Apple Git-113)


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] target: fix a missing check of match_int
  2019-01-12  5:31   ` [PATCH v2] target: fix a missing check of match_int Kangjie Lu
@ 2019-01-19 19:06     ` Mike Christie
  0 siblings, 0 replies; 4+ messages in thread
From: Mike Christie @ 2019-01-19 19:06 UTC (permalink / raw)
  To: Kangjie Lu
  Cc: pakki001, Nicholas A. Bellinger, linux-scsi, target-devel, linux-kernel

On 01/11/2019 11:31 PM, Kangjie Lu wrote:
> When match_int fails, "arg" is left uninitialized and may contain random
> value, thus should not be used.
> The fix checks if match_int fails, and if so, returns its error code.
> 
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
>  drivers/target/target_core_rd.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
> index a6e8106abd6f..3b7657b2f2f1 100644
> --- a/drivers/target/target_core_rd.c
> +++ b/drivers/target/target_core_rd.c
> @@ -559,6 +559,7 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
>  	char *orig, *ptr, *opts;
>  	substring_t args[MAX_OPT_ARGS];
>  	int arg, token;
> +	int ret;
>  
>  	opts = kstrdup(page, GFP_KERNEL);
>  	if (!opts)
> @@ -573,14 +574,24 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
>  		token = match_token(ptr, tokens, args);
>  		switch (token) {
>  		case Opt_rd_pages:
> -			match_int(args, &arg);
> +			ret = match_int(args, &arg);
> +			if (ret) {
> +				kfree(orig);
> +				return ret;

Just set ret to the return value and then break, so all the error and
success paths are going through the same code path.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-01-19 19:06 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-26  6:48 [PATCH] target: fix a missing check for match_int Kangjie Lu
2019-01-11 20:06 ` Mike Christie
2019-01-12  5:31   ` [PATCH v2] target: fix a missing check of match_int Kangjie Lu
2019-01-19 19:06     ` Mike Christie

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).