Fixes a potential corruption with uninitialized stack memory in the seccomp BPF sample program.
Reported-by: Robert Swiecki <[email protected]> Signed-off-by: Kees Cook <[email protected]> --- samples/seccomp/bpf-fancy.c | 4 +++- samples/seccomp/bpf-helper.c | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/samples/seccomp/bpf-fancy.c b/samples/seccomp/bpf-fancy.c index 8eb483aaec46..e8b24f443709 100644 --- a/samples/seccomp/bpf-fancy.c +++ b/samples/seccomp/bpf-fancy.c @@ -25,7 +25,9 @@ int main(int argc, char **argv) { - struct bpf_labels l; + struct bpf_labels l = { + .count = 0, + }; static const char msg1[] = "Please type something: "; static const char msg2[] = "You typed: "; char buf[256]; diff --git a/samples/seccomp/bpf-helper.c b/samples/seccomp/bpf-helper.c index 579cfe331886..f9fa14d81798 100644 --- a/samples/seccomp/bpf-helper.c +++ b/samples/seccomp/bpf-helper.c @@ -10,6 +10,7 @@ */ #include <stdio.h> +#include <stdlib.h> #include <string.h> #include "bpf-helper.h" @@ -63,6 +64,10 @@ __u32 seccomp_bpf_label(struct bpf_labels *labels, const char *label) { struct __bpf_label *begin = labels->labels, *end; int id; + if (labels->count == BPF_LABELS_MAX) { + fprintf(stderr, "Too many labels\n"); + exit(1); + } if (labels->count == 0) { begin->label = label; begin->location = 0xffffffff; -- 1.9.1 -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
