libkmod: fix buffer-overflow in weakdep_to_char
modprobe -c with any sample weakdep command in modprobe.d will overflow
memcpy due to size calculation not incorporating trailing null byte,
for example:
==462449==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50200000067b at pc 0x7a83fe6faf59 bp 0x7ffdf6c25060 sp 0x7ffdf6c24808
WRITE of size 12 at 0x50200000067b thread T0
0 0x7b687e6faf58 in memcpy /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
1 0x5e22b821235f in weakdep_to_char ../libkmod/libkmod-config.c:623
2 0x5e22b821235f in weakdep_get_plain_weakdep ../libkmod/libkmod-config.c:1166
3 0x5e22b821d049 in kmod_config_iter_get_value ../libkmod/libkmod-config.c:1317
4 0x5e22b81fd5ec in show_config ../tools/modprobe.c:187
5 0x5e22b81fd5ec in do_modprobe ../tools/modprobe.c:946
6 0x7b687d635487 (/usr/lib/libc.so.6+0x27487) (BuildId:
0b707b217b15b106c25fe51df3724b25848310c0)
7 0x7b687d63554b in __libc_start_main (/usr/lib/libc.so.6+0x2754b) (BuildId:
0b707b217b15b106c25fe51df3724b25848310c0)
8 0x5e22b81da114 in _start ($PWD/kmod+0xaa114) (BuildId:
c36444aefc2ca73423765d4ebf017a24e55017ee)
May also appear as:
*** buffer overflow detected ***: terminated
Aborted (core dumped)
Signed-off-by: Jakub Ślepecki <jakub.slepecki@intel.com>
Link: https://github.com/kmod-project/kmod/pull/324
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
Reviewed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
projects / thirdparty / kmod.git / commit
