Commit 1056e5b4 authored Sep 19, 2023 by Siddhesh Poyarekar

tunables: Terminate if end of input is reached (CVE-2023-4911)



The string parsing routine may end up writing beyond bounds of tunestr
if the input tunable string is malformed, of the form name=name=val.
This gets processed twice, first as name=name=val and next as name=val,
resulting in tunestr being name=name=val:name=val, thus overflowing
tunestr.

Terminate the parsing loop at the first instance itself so that tunestr
does not overflow.

This also fixes up tst-env-setuid-tunables to actually handle failures
correct and add new tests to validate the fix for this CVE.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

parent 0d5f9ea9

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit dcc367f1
· Oct 04, 2023

mentioned in commit dcc367f1

mentioned in commit dcc367f148bc92e7f3778a125f7a416b093964d9

Toggle commit list
mirror @mirror
mentioned in commit c84018a0
· Oct 04, 2023

mentioned in commit c84018a0

mentioned in commit c84018a05aec80f5ee6f682db0da1130b0196aef

Toggle commit list
mirror @mirror
mentioned in commit 22955ad8
· Oct 04, 2023

mentioned in commit 22955ad8

mentioned in commit 22955ad85186ee05834e47e665056148ca07699c

Toggle commit list
mirror @mirror
mentioned in commit b4e23c75
· Oct 04, 2023

mentioned in commit b4e23c75

mentioned in commit b4e23c75aea756b4bddc4abcf27a1c6dca8b6bd3

Toggle commit list
mirror @mirror
mentioned in commit 750a45a7
· Oct 04, 2023

mentioned in commit 750a45a7

mentioned in commit 750a45a783906a19591fb8ff6b7841470f1f5701

Toggle commit list

Please register or to comment