init/main.c: Fix potential static_command_line memory overflow (!4168) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Steve Best requested to merge sfbest/centos-stream-9:35088 into main May 03, 2024

JIRA: https://issues.redhat.com/browse/RHEL-35088
CVE: CVE-2024-26988

Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=60973397

Tested: Did sanity boot testing on Intel (intel-eaglestream-emr-01) system.

commit 46dad3c1e57897ab9228332f03e1c14798d2d3b9
Author: Yuntao Wang ytcoode@gmail.com
Date: Fri Apr 12 16:17:32 2024 +0800

init/main.c: Fix potential static_command_line memory overflow  

We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for  
static_command_line, but the strings copied into static_command_line are  
extra_command_line and command_line, rather than extra_command_line and  
boot_command_line.  

When strlen(command_line) > strlen(boot_command_line), static_command_line  
will overflow.  

This patch just recovers strlen(command_line) which was miss-consolidated  
with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add  
checks for the return value of memblock_alloc*()")  

Link: https://lore.kernel.org/all/20240412081733.35925-2-ytcoode@gmail.com/  

Fixes: f5c7310ac73e ("init/main: add checks for the return value of memblock_alloc*()")  
Cc: stable@vger.kernel.org  
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>  
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

Signed-off-by: Steve Best sbest@redhat.com

init/main.c: Fix potential static_command_line memory overflow

Merge request reports