of: module: prevent NULL pointer dereference in vsnprintf() (!4278) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Steve Best requested to merge sfbest/centos-stream-9:37254 into main May 21, 2024

JIRA: https://issues.redhat.com/browse/RHEL-37254
CVE: CVE-2024-35878

Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=61362931

Tested: Did sanity boot testing ARM (nvidia-igx-02) system.

commit a1aa5390cc912934fee76ce80af5f940452fa987
Author: Sergey Shtylyov s.shtylyov@omp.ru
Date: Wed Mar 27 19:52:49 2024 +0300

of: module: prevent NULL pointer dereference in vsnprintf()  

In of_modalias(), we can get passed the str and len parameters which would  
cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr  
when the length is also 0. Also, we need to filter out the negative values  
of the len parameter as these will result in a really huge buffer since  
snprintf() takes size_t parameter while ours is ssize_t...  

Found by Linux Verification Center (linuxtesting.org) with the Svace static  
analysis tool.  

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>  
Cc: stable@vger.kernel.org  
Link: https://lore.kernel.org/r/1d211023-3923-685b-20f0-f3f90ea56e1f@omp.ru  
Signed-off-by: Rob Herring <robh@kernel.org>

Signed-off-by: Steve Best sbest@redhat.com

of: module: prevent NULL pointer dereference in vsnprintf()

Merge request reports