tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

MIPS: validate DT bootargs before appending them

bootcmdline_scan_chosen() fetches the raw flat-DT bootargs property and
passes it straight to bootcmdline_append(). That helper later feeds the
same pointer into strlcat(), which computes strlen(src) before copying.
Flat DT properties are external boot input, and this path does not
prove that bootargs is NUL-terminated within its declared bounds.

Reject unterminated bootargs properties before appending them to the
kernel command line.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>

authored by

Pengpeng Hou and committed by
Thomas Bogendoerfer f992846d d1d0aa62

+4
+4
arch/mips/kernel/setup.c
··· 31 31 #include <linux/of_fdt.h> 32 32 #include <linux/dmi.h> 33 33 #include <linux/crash_dump.h> 34 + #include <linux/string.h> 34 35 35 36 #include <asm/addrspace.h> 36 37 #include <asm/bootinfo.h> ··· 542 541 543 542 p = of_get_flat_dt_prop(node, "bootargs", &l); 544 543 if (p != NULL && l > 0) { 544 + if (strnlen(p, l) >= l) 545 + return 1; 546 + 545 547 bootcmdline_append(p, min(l, COMMAND_LINE_SIZE)); 546 548 *dt_bootargs = true; 547 549 }