summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOleg Nesterov <oleg@redhat.com>2013-05-16 17:43:55 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2013-05-16 21:01:11 +0200
commit264b83c07a84223f0efd0d1db9ccc66d6f88288f (patch)
tree509dd304b80cf3d53f03c03fcbbc99d05fec7924
parentMerge branch 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/tar... (diff)
downloadlinux-264b83c07a84223f0efd0d1db9ccc66d6f88288f.tar.xz
linux-264b83c07a84223f0efd0d1db9ccc66d6f88288f.zip
usermodehelper: check subprocess_info->path != NULL
argv_split(empty_or_all_spaces) happily succeeds, it simply returns argc == 0 and argv[0] == NULL. Change call_usermodehelper_exec() to check sub_info->path != NULL to avoid the crash. This is the minimal fix, todo: - perhaps we should change argv_split() to return NULL or change the callers. - kill or justify ->path[0] check - narrow the scope of helper_lock() Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-By: Lucas De Marchi <lucas.demarchi@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--kernel/kmod.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 1296e72e4161..8241906c4b61 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -569,6 +569,11 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
int retval = 0;
helper_lock();
+ if (!sub_info->path) {
+ retval = -EINVAL;
+ goto out;
+ }
+
if (sub_info->path[0] == '\0')
goto out;