projects
/
project
/
ubox.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
kmodloader: fix out-of-bound access when parsing .modinfo
[project/ubox.git]
/
kmodloader.c
diff --git
a/kmodloader.c
b/kmodloader.c
index
b20de6e
..
c780379
100644
(file)
--- a/
kmodloader.c
+++ b/
kmodloader.c
@@
-302,12
+302,14
@@
static struct module* get_module_info(const char *module, const char *name)
}
strings = map + offset;
}
strings = map + offset;
- while (
strings && (strings < map + offset + size)
) {
+ while (
true
) {
char *sep;
int len;
while (!strings[0])
strings++;
char *sep;
int len;
while (!strings[0])
strings++;
+ if (strings >= map + offset + size)
+ break;
sep = strstr(strings, "=");
if (!sep)
break;
sep = strstr(strings, "=");
if (!sep)
break;
@@
-410,12
+412,14
@@
static int print_modinfo(char *module)
strings = map + offset;
printf("module:\t\t%s\n", module);
strings = map + offset;
printf("module:\t\t%s\n", module);
- while (
strings && (strings < map + offset + size)
) {
+ while (
true
) {
char *dup = NULL;
char *sep;
while (!strings[0])
strings++;
char *dup = NULL;
char *sep;
while (!strings[0])
strings++;
+ if (strings >= map + offset + size)
+ break;
sep = strstr(strings, "=");
if (!sep)
break;
sep = strstr(strings, "=");
if (!sep)
break;
@@
-719,8
+723,15
@@
static int main_modprobe(int argc, char **argv)
{
struct module *m;
char *name;
{
struct module *m;
char *name;
+ char *mod = NULL;
+ int i;
- if (argc != 2)
+ for (i = 1; i < argc; i++)
+ if (argv[i][0] != '-') {
+ mod = argv[i];
+ break;
+ }
+ if (!mod)
return print_usage("modprobe");
if (scan_loaded_modules())
return print_usage("modprobe");
if (scan_loaded_modules())
@@
-729,7
+740,7
@@
static int main_modprobe(int argc, char **argv)
if (scan_module_folders())
return -1;
if (scan_module_folders())
return -1;
- name = get_module_name(
argv[1]
);
+ name = get_module_name(
mod
);
m = find_module(name);
if (m && m->state == LOADED) {
ULOG_ERR("%s is already loaded\n", name);
m = find_module(name);
if (m && m->state == LOADED) {
ULOG_ERR("%s is already loaded\n", name);