mirror of
https://github.com/torvalds/linux.git
synced 2024-12-01 00:21:32 +00:00
687f07156b
when the verifier log is enabled the print_bpf_insn() is doing bpf_alu_string[BPF_OP(insn->code) >> 4] and bpf_jmp_string[BPF_OP(insn->code) >> 4] where BPF_OP is a 4-bit instruction opcode. Malformed insns can cause out of bounds access. Fix it by sizing arrays appropriately. The bug was found by clang address sanitizer with libfuzzer. Reported-by: Yonghong Song <yhs@plumgrid.com> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
arraymap.c | ||
core.c | ||
hashtab.c | ||
helpers.c | ||
Makefile | ||
syscall.c | ||
verifier.c |