module: harden ELF info handling (ec2a2959) · Commits · Mirrors / git.yoctoproject.org / linux-yocto · GitLab

Commit ec2a2959 authored Jan 14, 2021 by

Frank van der Linden Committed by Jessica Yu Jan 19, 2021

module: harden ELF info handling

5fdc7db6 ("module: setup load info before module_sig_check()")
moved the ELF setup, so that it was done before the signature
check. This made the module name available to signature error
messages.

However, the checks for ELF correctness in setup_load_info
are not sufficient to prevent bad memory references due to
corrupted offset fields, indices, etc.

So, there's a regression in behavior here: a corrupt and unsigned
(or badly signed) module, which might previously have been rejected
immediately, can now cause an oops/crash.

Harden ELF handling for module loading by doing the following:

- Move the signature check back up so that it comes before ELF
  initialization. It's best to do the signature check to see
  if we can trust the module, before using the ELF structures
  inside it. This also makes checks against info->len
  more accurate again, as this field will be reduced by the
  length of the signature in mod_check_sig().

  The module name is now once again not a...

parent ebfac7b7

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 09cb6663
· Jul 15, 2022

mentioned in commit 09cb6663

mentioned in commit 09cb6663618a74fe5572a4931ecbf098832e79ec

Toggle commit list

Please register or to comment