Commit e03ba84adb62fbc6049325a5bc00ef6932fa5e39
Committed by
Herbert Xu
Herbert Xu
1 parent
67b4af2970
Exists in
master
and in
4 other branches
[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure
If a zero length pattern is passed then return EINVAL. Avoids infinite loops (bm) or invalid memory accesses (kmp). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 1 changed file with 6 additions and 2 deletions Side-by-side Diff
lib/textsearch.c
| ... | ... | @@ -7,7 +7,7 @@ |
| 7 | 7 | * 2 of the License, or (at your option) any later version. |
| 8 | 8 | * |
| 9 | 9 | * Authors: Thomas Graf <tgraf@suug.ch> |
| 10 | - * Pablo Neira Ayuso <pablo@eurodev.net> | |
| 10 | + * Pablo Neira Ayuso <pablo@netfilter.org> | |
| 11 | 11 | * |
| 12 | 12 | * ========================================================================== |
| 13 | 13 | * |
| ... | ... | @@ -250,7 +250,8 @@ |
| 250 | 250 | * the various search algorithms. |
| 251 | 251 | * |
| 252 | 252 | * Returns a new textsearch configuration according to the specified |
| 253 | - * parameters or a ERR_PTR(). | |
| 253 | + * parameters or a ERR_PTR(). If a zero length pattern is passed, this | |
| 254 | + * function returns EINVAL. | |
| 254 | 255 | */ |
| 255 | 256 | struct ts_config *textsearch_prepare(const char *algo, const void *pattern, |
| 256 | 257 | unsigned int len, gfp_t gfp_mask, int flags) |
| ... | ... | @@ -259,6 +260,9 @@ |
| 259 | 260 | struct ts_config *conf; |
| 260 | 261 | struct ts_ops *ops; |
| 261 | 262 | |
| 263 | + if (len == 0) | |
| 264 | + return ERR_PTR(-EINVAL); | |
| 265 | + | |
| 262 | 266 | ops = lookup_ts_algo(algo); |
| 263 | 267 | #ifdef CONFIG_KMOD |
| 264 | 268 | /* |