Patchwork [108/115] usermodehelper: check subprocess_info->path != NULL

login
register
mail settings
Submitter Luis Henriques
Date May 20, 2013, 10:51 a.m.
Message ID <1369047116-9378-109-git-send-email-luis.henriques@canonical.com>
Download mbox | patch
Permalink /patch/244943/
State New
Headers show

Comments

Luis Henriques - May 20, 2013, 10:51 a.m.
3.5.7.13 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit 264b83c07a84223f0efd0d1db9ccc66d6f88288f upstream.

argv_split(empty_or_all_spaces) happily succeeds, it simply returns
argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to
check sub_info->path != NULL to avoid the crash.

This is the minimal fix, todo:

 - perhaps we should change argv_split() to return NULL or change the
   callers.

 - kill or justify ->path[0] check

 - narrow the scope of helper_lock()

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-By: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 kernel/kmod.c | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/kernel/kmod.c b/kernel/kmod.c
index ff2c7cb..cc76ad6 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -541,6 +541,11 @@  int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
 	int retval = 0;
 
 	helper_lock();
+	if (!sub_info->path) {
+		retval = -EINVAL;
+		goto out;
+	}
+
 	if (sub_info->path[0] == '\0')
 		goto out;