Unverified Commit 098a595b authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!14147 CVE-2024-53142 

Merge Pull Request from: @ci-robot 
 
PR sync from: Liao Chen <liaochen4@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/B3BK7S746WIDBOC2HL7RAK3QKU47E4XQ/ 
CVE-2024-53142

David Disseldorp (1):
  initramfs: avoid filename buffer overrun


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IB9NOW 
 
Link:https://gitee.com/openeuler/kernel/pulls/14147

 

Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Reviewed-by: default avatarYuan Can <yuancan@huawei.com>
Signed-off-by: default avatarYuan Can <yuancan@huawei.com>
parents faa52e40 f2c2db68

init/initramfs.c

+15 −0
Original line number Original line Diff line number Diff line
@@ -321,6 +321,15 @@ static int __init do_name(void) 
{

{

	state = SkipIt;

	state = SkipIt;

	next_state = Reset;

	next_state = Reset;



	/* name_len > 0 && name_len <= PATH_MAX checked in do_header */

	if (collected[name_len - 1] != '\0') {

		pr_err("initramfs name without nulterm: %.*s\n",

		       (int)name_len, collected);

		error("malformed archive");

		return 1;

	}



	if (strcmp(collected, "TRAILER!!!") == 0) {

	if (strcmp(collected, "TRAILER!!!") == 0) {

		free_hash();

		free_hash();

		return 0;

		return 0;
@@ -382,6 +391,12 @@ static int __init do_copy(void) 




static int __init do_symlink(void)

static int __init do_symlink(void)

{

{

	if (collected[name_len - 1] != '\0') {

		pr_err("initramfs symlink without nulterm: %.*s\n",

		       (int)name_len, collected);

		error("malformed archive");

		return 1;

	}

	collected[N_ALIGN(name_len) + body_len] = '\0';

	collected[N_ALIGN(name_len) + body_len] = '\0';

	clean_path(collected, 0);

	clean_path(collected, 0);

	ksys_symlink(collected + N_ALIGN(name_len), collected);

	ksys_symlink(collected + N_ALIGN(name_len), collected);