diff mbox

[50/78] usermodehelper: check subprocess_info->path != NULL

Message ID 1369776027-17859-51-git-send-email-kamal@canonical.com
State New
Headers show

Commit Message

Kamal Mostafa May 28, 2013, 9:19 p.m. UTC 
3.8.13.1 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit 264b83c07a84223f0efd0d1db9ccc66d6f88288f upstream.

argv_split(empty_or_all_spaces) happily succeeds, it simply returns
argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to
check sub_info->path != NULL to avoid the crash.

This is the minimal fix, todo:

 - perhaps we should change argv_split() to return NULL or change the
   callers.

 - kill or justify ->path[0] check

 - narrow the scope of helper_lock()

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-By: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 kernel/kmod.c | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox

Patch

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 0023a87..41e1524 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -561,6 +561,11 @@  int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
 	int retval = 0;
 
 	helper_lock();
+	if (!sub_info->path) {
+		retval = -EINVAL;
+		goto out;
+	}
+
 	if (sub_info->path[0] == '\0')
 		goto out;