projects / project / ubox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a62c946)
kmodloader: fix out-of-bound access when parsing .modinfo
authorYousong Zhou <yszhou4tech@gmail.com>
Fri, 13 Jan 2017 17:00:33 +0000 (01:00 +0800)
committerFelix Fietkau <nbd@nbd.name>
Sun, 15 Jan 2017 17:52:42 +0000 (18:52 +0100)
Fixes output of "modinfo nf_conntrack_ipv4"

    module:         /lib/modules/4.4.40/nf_conntrack_ipv4.ko
    license:        GPL
    alias:          ip_conntrack
    alias:          nf_conntrack-2
    depends:        nf_conntrack,nf_defrag_ipv4
    src:            %pI4 dst=%pI4

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
kmodloader.c patch | blob | history

diff --git a/kmodloader.c b/kmodloader.c
index 065ac82..c780379 100644 (file)
--- a/kmodloader.c
+++ b/kmodloader.c
@@ -302,12 +302,14 @@ static struct module* get_module_info(const char *module, const char *name)
        }
 
        strings = map + offset;
        }
 
        strings = map + offset;
-       while (strings && (strings < map + offset + size)) {
+       while (true) {
                char *sep;
                int len;
 
                while (!strings[0])
                        strings++;
                char *sep;
                int len;
 
                while (!strings[0])
                        strings++;
+               if (strings >= map + offset + size)
+                       break;
                sep = strstr(strings, "=");
                if (!sep)
                        break;
                sep = strstr(strings, "=");
                if (!sep)
                        break;
@@ -410,12 +412,14 @@ static int print_modinfo(char *module)
 
        strings = map + offset;
        printf("module:\t\t%s\n", module);
 
        strings = map + offset;
        printf("module:\t\t%s\n", module);
-       while (strings && (strings < map + offset + size)) {
+       while (true) {
                char *dup = NULL;
                char *sep;
 
                while (!strings[0])
                        strings++;
                char *dup = NULL;
                char *sep;
 
                while (!strings[0])
                        strings++;
+               if (strings >= map + offset + size)
+                       break;
                sep = strstr(strings, "=");
                if (!sep)
                        break;
                sep = strstr(strings, "=");
                if (!sep)
                        break;
OpenWrt core utilities