[thirdparty/kernel/stable-queue.git] / releases / 3.0.79 / usermodehelper-check-subprocess_info-path-null.patch

From 264b83c07a84223f0efd0d1db9ccc66d6f88288f Mon Sep 17 00:00:00 2001
From: Oleg Nesterov <oleg@redhat.com>
Date: Thu, 16 May 2013 17:43:55 +0200
Subject: usermodehelper: check subprocess_info->path != NULL

From: Oleg Nesterov <oleg@redhat.com>

commit 264b83c07a84223f0efd0d1db9ccc66d6f88288f upstream.

argv_split(empty_or_all_spaces) happily succeeds, it simply returns
argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to
check sub_info->path != NULL to avoid the crash.

This is the minimal fix, todo:

 - perhaps we should change argv_split() to return NULL or change the
   callers.

 - kill or justify ->path[0] check

 - narrow the scope of helper_lock()

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-By: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/kmod.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -421,6 +421,11 @@ int call_usermodehelper_exec(struct subp
 	int retval = 0;
 
 	helper_lock();
+	if (!sub_info->path) {
+		retval = -EINVAL;
+		goto out;
+	}
+
 	if (sub_info->path[0] == '\0')
 		goto out;
Commit	Line	Data
c0e0a2bf GKH	1	From 264b83c07a84223f0efd0d1db9ccc66d6f88288f Mon Sep 17 00:00:00 2001
	2	From: Oleg Nesterov <oleg@redhat.com>
	3	Date: Thu, 16 May 2013 17:43:55 +0200
	4	Subject: usermodehelper: check subprocess_info->path != NULL
	5
	6	From: Oleg Nesterov <oleg@redhat.com>
	7
	8	commit 264b83c07a84223f0efd0d1db9ccc66d6f88288f upstream.
	9
	10	argv_split(empty_or_all_spaces) happily succeeds, it simply returns
	11	argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to
	12	check sub_info->path != NULL to avoid the crash.
	13
	14	This is the minimal fix, todo:
	15
	16	- perhaps we should change argv_split() to return NULL or change the
	17	callers.
	18
	19	- kill or justify ->path[0] check
	20
	21	- narrow the scope of helper_lock()
	22
	23	Signed-off-by: Oleg Nesterov <oleg@redhat.com>
	24	Acked-By: Lucas De Marchi <lucas.demarchi@intel.com>
	25	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	26	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	27
	28	---
	29	kernel/kmod.c \| 5 +++++
	30	1 file changed, 5 insertions(+)
	31
	32	--- a/kernel/kmod.c
	33	+++ b/kernel/kmod.c
	34	@@ -421,6 +421,11 @@ int call_usermodehelper_exec(struct subp
	35	int retval = 0;
	36
	37	helper_lock();
	38	+ if (!sub_info->path) {
	39	+ retval = -EINVAL;
	40	+ goto out;
	41	+ }
	42	+
	43	if (sub_info->path[0] == '\0')
	44	goto out;
	45