coredump: fix null pointer dereference on coredump

sudipm-mukherjee · torvalds · commit db973a7289da · 2020-04-21T11:11:56.000-07:00
If the core_pattern is set to "|" and any process segfaults then we get a null pointer derefernce while trying to coredump. The call stack shows: RIP: do_coredump+0x628/0x11c0 When the core_pattern has only "|" there is no use of trying the coredump and we can check that while formating the corename and exit with an error. After this change I get: format_corename failed Aborting core Fixes: 315c692 ("coredump: split pipe command whitespace before expanding template") Reported-by: Matthew Ruffell <matthew.ruffell@canonical.com> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Paul Wise <pabs3@bonedaddy.net> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Neil Horman <nhorman@tuxdriver.com> Cc: <stable@vger.kernel.org> Link: http://lkml.kernel.org/r/20200416194612.21418-1-sudipm.mukherjee@gmail.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/fs/coredump.c b/fs/coredump.c
@@ -211,6 +211,8 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm,
 			return -ENOMEM;
 		(*argv)[(*argc)++] = 0;
 		++pat_ptr;
+		if (!(*pat_ptr))
+			return -ENOMEM;
 	}
 
 	/* Repeat as long as we have more pattern to process and more output

Original file line number	Diff line number	Diff line change
`@@ -211,6 +211,8 @@ static int format_corename(struct core_name cn, struct coredump_params cprm,`
`211`	`211`	`return -ENOMEM;`
`212`	`212`	`(argv)[(argc)++] = 0;`
`213`	`213`	`++pat_ptr;`
	`214`	`+ if (!(*pat_ptr))`
	`215`	`+ return -ENOMEM;`
`214`	`216`	`}`
`215`	`217`
`216`	`218`	`/* Repeat as long as we have more pattern to process and more output`