kconfig: require a space after '#' for valid input

[ Upstream commit 4d137ab0107ead0f2590fc0314e627431e3b9e3f ]

Currently, when an input line starts with '#', (line + 2) is passed to
memcmp() without checking line[1].

It means that line[1] can be any arbitrary character. For example,
"#KCONFIG_FOO is not set" is accepted as valid input, functioning the
same as "# CONFIG_FOO is not set".

More importantly, this can potentially lead to a buffer overrun if
line[1] == '\0'. It occurs if the input only contains '#', as
(line + 2) points to an uninitialized buffer.

Check line[1], and skip the line if it is not a space.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Stable-dep-of: a409fc1463d6 ("kconfig: fix memory leak in sym_warn_unmet_dep()")
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 033f2882436d3efc9cd8847e88c5039c8bbc95cd..80160aee01ff62f40e284328940cf6c4e3de0d50 100644 (file)
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -434,6 +434,8 @@ load:
                conf_lineno++;
                sym = NULL;
                if (line[0] == '#') {
+                       if (line[1] != ' ')
+                               continue;
                        if (memcmp(line + 2, CONFIG_, strlen(CONFIG_)))
                                continue;
                        p = strchr(line + 2 + strlen(CONFIG_), ' ');