From: Pengpeng Hou Date: Sun, 5 Apr 2026 00:42:00 +0000 (+0800) Subject: ARM: xen: validate hypervisor compatible before parsing its version X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f45ab27774aadeee28f093a9f074892e9bebb586;p=thirdparty%2Fkernel%2Flinux.git ARM: xen: validate hypervisor compatible before parsing its version fdt_find_hyper_node() reads the raw compatible property and then derives hyper_node.version from a prefix match before later printing it with %s. Flat DT properties are external boot input, and this path does not prove that the first compatible entry is NUL-terminated within the returned property length. Keep the existing flat-DT lookup path, but verify that the first compatible entry terminates within the returned property length before deriving the version suffix from it. Signed-off-by: Pengpeng Hou Reviewed-by: Stefano Stabellini Signed-off-by: Juergen Gross Message-ID: <20260405094005.5-arm-xen-v2-pengpeng@iscas.ac.cn>
---
diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
index 4feed2c2498dd..25a0ce3b4584a 100644
--- a/arch/arm/xen/enlighten.c
+++ b/arch/arm/xen/enlighten.c
@@ -218,8 +218,9 @@ static __initdata struct {
 static int __init fdt_find_hyper_node(unsigned long node, const char *uname,
 int depth, void *data)
 {
- const void *s = NULL;
+ const char *s = NULL;
 int len;
+ size_t prefix_len = strlen(hyper_node.prefix);
 
 if (depth != 1 || strcmp(uname, "hypervisor") != 0)
 return 0;
@@ -228,9 +229,10 @@ static int __init fdt_find_hyper_node(unsigned long node, const char *uname,
 hyper_node.found = true;
 
 s = of_get_flat_dt_prop(node, "compatible", &len);
- if (strlen(hyper_node.prefix) + 3 < len &&
- !strncmp(hyper_node.prefix, s, strlen(hyper_node.prefix)))
- hyper_node.version = s + strlen(hyper_node.prefix);
+ if (s && len > 0 && strnlen(s, len) < len &&
+ len > prefix_len + 3 &&
+ !strncmp(hyper_node.prefix, s, prefix_len))
+ hyper_node.version = s + prefix_len;
 
 /*
 * Check if Xen supports EFI by checking whether there is the
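Review bot: The `len > prefix_len + 3` test in the new condition is still measured against the whole property length rather than the first entry that `strnlen()` has just bounded, so a multi-entry `compatible` whose first string is only the prefix (or the prefix plus one or two characters) passes and `hyper_node.version` ends up pointing at an empty or truncated suffix. This is no longer an out-of-bounds read, because termination inside `len` is established first, but the minimum-length intent of the old `+ 3` check is lost; consider keeping the result, `size_t first_len = strnlen(s, len);`, and testing `first_len < len && first_len >= prefix_len + 3`. The mixed `int`/`size_t` comparisons are only correct because `len > 0` is evaluated earlier in the same `&&` chain, which deserves a short comment such as `/* len > 0 is checked first, so converting len to size_t below is safe */`. The function body starts before this hunk and continues past its last line.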