Unverified Commit ee7a71bd authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!14151 CVE-2024-53142 

Merge Pull Request from: @ci-robot 
 
PR sync from: Liao Chen <liaochen4@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/HCFRU2UIAP27TL6OGJ72MH3DI7F2EDZX/ 
CVE-2024-53142

David Disseldorp (1):
  initramfs: avoid filename buffer overrun


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IB9NOW 
 
Link:https://gitee.com/openeuler/kernel/pulls/14151

 

Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 4e86e5e2 44960a6f

init/initramfs.c

+15 −0
Original line number Diff line number Diff line
@@ -457,6 +457,15 @@ static int __init do_name(void) 
{

	state = SkipIt;

	next_state = Reset;



	/* name_len > 0 && name_len <= PATH_MAX checked in do_header */

	if (collected[name_len - 1] != '\0') {

		pr_err("initramfs name without nulterm: %.*s\n",

		       (int)name_len, collected);

		error("malformed archive");

		return 1;

	}



	if (strcmp(collected, "TRAILER!!!") == 0) {

		free_hash();

		return 0;
@@ -571,6 +580,12 @@ static int __init do_copy(void) 


static int __init do_symlink(void)

{

	if (collected[name_len - 1] != '\0') {

		pr_err("initramfs symlink without nulterm: %.*s\n",

				(int)name_len, collected);

		error("malformed archive");

		return 1;

	}

	collected[N_ALIGN(name_len) + body_len] = '\0';

#ifdef CONFIG_IMA_DIGEST_LIST

	memcpy(previous_name_buf, collected, strlen(collected) + 1);