VirtualBox

Changes between Initial Version and Version 1 of Ticket #16837


Ignore:
Timestamp:
Jun 20, 2017 12:01:47 PM (7 years ago)
Author:
Frank Mehnert
Comment:

That case is handled here:

    if (name != d_name)
        kfree(name);

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #16837

    • Property Status newclosed
    • Property Resolutioninvalid
  • Ticket #16837 – Description

    initial v1  
    11Function sf_path_from_dentry in src/VBox/Additions/linux/sharedfolders/utils.c is allocating a buffer using kmalloc but it does not check if the allocation failed:
    2 
     2{{{
    33        out_bound_len = PATH_MAX;
    44        out = kmalloc(out_bound_len, GFP_KERNEL);
    55        name = out;
    6 
     6}}}
    77..and later it is dereferenced leading to a potential NULL pointer dereference crash.
    8 
     8{{{
    99        LogFunc(("result(%d) = %.*s\n", len, len, name));
    1010        *out = 0;
    11 
     11}}}
    1212I suggest that the kmalloc failure case needs to be handled correctly.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy