[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure

If a zero length pattern is passed then return EINVAL. Avoids infinite loops (bm) or invalid memory accesses (kmp). Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Patrick McHardy <kaber@trash.net> Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>

[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure
If a zero length pattern is passed then return EINVAL. Avoids infinite loops (bm) or invalid memory accesses (kmp). Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Patrick McHardy <kaber@trash.net> Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>
e03ba84a · Pablo Neira Ayuso · Herbert Xu · 67b4af29 · e03ba84a
隐藏空白更改
内联并排

Showing with 6 addition and 2 deletion

lib/textsearch.c lib/textsearch.c +6 -2

未找到文件。
--- a/lib/textsearch.c
+++ b/lib/textsearch.c
@@ -7,7 +7,7 @@
 *		2 of the License, or (at your option) any later version.
 *
 * Authors:	Thomas Graf <tgraf@suug.ch>
- * 		Pablo Neira Ayuso <pablo@eurodev.net>
+ * 		Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * ==========================================================================
 *
@@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(struct ts_config *conf,
 *       the various search algorithms.
 *
 * Returns a new textsearch configuration according to the specified
- *         parameters or a ERR_PTR().
+ * parameters or a ERR_PTR(). If a zero length pattern is passed, this
+ * function returns EINVAL.
 */
 struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
 				     unsigned int len, gfp_t gfp_mask, int flags)
@@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
 	struct ts_config *conf;
 	struct ts_ops *ops;
 	
+	if (len == 0)
+		return ERR_PTR(-EINVAL);
+
 	ops = lookup_ts_algo(algo);
 #ifdef CONFIG_KMOD
 	/*