diff options
author | Oleg Nesterov <oleg@redhat.com> | 2013-05-16 17:43:55 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-05-16 12:01:11 -0700 |
commit | 264b83c07a84223f0efd0d1db9ccc66d6f88288f (patch) | |
tree | 509dd304b80cf3d53f03c03fcbbc99d05fec7924 /kernel | |
parent | 5c64e3a45d43c6e3fa87cbe02e10059171d10812 (diff) | |
download | linux-264b83c07a84223f0efd0d1db9ccc66d6f88288f.tar.gz linux-264b83c07a84223f0efd0d1db9ccc66d6f88288f.tar.bz2 linux-264b83c07a84223f0efd0d1db9ccc66d6f88288f.zip |
usermodehelper: check subprocess_info->path != NULL
argv_split(empty_or_all_spaces) happily succeeds, it simply returns
argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to
check sub_info->path != NULL to avoid the crash.
This is the minimal fix, todo:
- perhaps we should change argv_split() to return NULL or change the
callers.
- kill or justify ->path[0] check
- narrow the scope of helper_lock()
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-By: Lucas De Marchi <lucas.demarchi@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/kmod.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/kmod.c b/kernel/kmod.c index 1296e72e4161..8241906c4b61 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -569,6 +569,11 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait) int retval = 0; helper_lock(); + if (!sub_info->path) { + retval = -EINVAL; + goto out; + } + if (sub_info->path[0] == '\0') goto out; |