From: Kunwu Chan chentao@kylinos.cn
mainline inclusion from mainline-v6.9-rc1 commit 98bc7e26e14fbb26a6abf97603d59532475e97f8 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QGKD CVE: CVE-2024-35940
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
Signed-off-by: Kunwu Chan chentao@kylinos.cn Link: https://lore.kernel.org/r/20240118100206.213928-1-chentao@kylinos.cn Signed-off-by: Kees Cook keescook@chromium.org Signed-off-by: Zeng Heng zengheng4@huawei.com --- fs/pstore/zone.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/pstore/zone.c b/fs/pstore/zone.c index b50fc33f2ab2..2426fb6794fd 100644 --- a/fs/pstore/zone.c +++ b/fs/pstore/zone.c @@ -973,6 +973,8 @@ static ssize_t psz_kmsg_read(struct pstore_zone *zone, char *buf = kasprintf(GFP_KERNEL, "%s: Total %d times\n", kmsg_dump_reason_str(record->reason), record->count); + if (!buf) + return -ENOMEM; hlen = strlen(buf); record->buf = krealloc(buf, hlen + size, GFP_KERNEL); if (!record->buf) {