1. Patchew
  2. linux
  3. [PATCH v3 00/17] bootconfig: fixes, cleanups, and modernization
  4. View patch

[PATCH v3 15/17] lib/bootconfig: validate child node index in xbc_verify_tree()

Josh Law posted 17 patches 3 weeks, 2 days ago
There is a newer version of this series
[PATCH v3 15/17] lib/bootconfig: validate child node index in xbc_verify_tree()
Posted by Josh Law 3 weeks, 2 days ago 
xbc_verify_tree() validates that each node's next index is within
bounds, but does not check the child index.  If a parser bug ever
sets an out-of-bounds child value, xbc_node_get_child() would return
a pointer outside the xbc_nodes array.  Add the same bounds check
for the child field.

Signed-off-by: Josh Law <objecting@objecting.org>
---
 lib/bootconfig.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index 0823491221f4..038f56689a48 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c
@@ -823,6 +823,10 @@ static int __init xbc_verify_tree(void)
 			return xbc_parse_error("No closing brace",
 				xbc_node_get_data(xbc_nodes + i));
 		}
+		if (xbc_nodes[i].child >= xbc_node_num) {
+			return xbc_parse_error("Broken child node",
+				xbc_node_get_data(xbc_nodes + i));
+		}
 	}
 
 	/* Key tree limitation check */
-- 
2.34.1

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.