

kernel: fix null pointer dereference for some case (#1075)
#973 __never_use_envp 被改名为 envp 并使用。

这导致 GKI 版本一旦代码运行到
[213](https://github.com/tiann/KernelSU/blob/344c08bb79ba12b692016750cda363f9f3500182/kernel/ksud.c#L213)
行(或许只有 WSA 等类似情况会跑到这?),就会触发一个空指针解引用。

此PR意在修复此问题,且已在WSA上测试。
qwerty472123 authored Oct 23, 2023
1 parent f349507 commit 1b67c1b
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions kernel/ksud.c
Expand Up @@ -138,9 +138,9 @@ static int __maybe_unused count(struct user_arg_ptr argv, int max)
return i;
}

// the call from execve_handler_pre won't provided correct value for __never_use_argument, use them after fix execve_handler_pre, keeping them for consistence for manually patched code
// IMPORTANT NOTE: the call from execve_handler_pre WON'T provided correct value for envp and flags in GKI version
int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *__never_use_flags)
struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags)
{
#ifndef CONFIG_KPROBES
if (!ksu_execveat_hook) {
Expand All @@ -167,7 +167,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
}

if (unlikely(!memcmp(filename->name, system_bin_init,
sizeof(system_bin_init) - 1))) {
sizeof(system_bin_init) - 1) && argv)) {
// /system/bin/init executed
int argc = count(*argv, MAX_ARG_STRINGS);
pr_info("/system/bin/init argc: %d\n", argc);
Expand All @@ -188,7 +188,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
}
}
} else if (unlikely(!memcmp(filename->name, old_system_init,
sizeof(old_system_init) - 1))) {
sizeof(old_system_init) - 1) && argv)) {
// /init executed
int argc = count(*argv, MAX_ARG_STRINGS);
pr_info("/init argc: %d\n", argc);
Expand All @@ -208,7 +208,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
} else {
pr_err("/init parse args err!\n");
}
} else if (argc == 1 && !init_second_stage_executed) {
} else if (argc == 1 && !init_second_stage_executed && envp) {
/* This applies to versions between Android 8 ~ 9 */
int envc = count(*envp, MAX_ARG_STRINGS);
if (envc > 0) {
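Review bot: The new `&& argv` and `&& envp` guards (hunks at lines 170, 191 and 211) only defend against a NULL pointer, while the rewritten note on the function says the GKI caller "WON'T provided correct value for envp and flags", which is weaker than "passes NULL": if that path ever hands over a non-NULL but uninitialised `struct user_arg_ptr *`, `count(*envp, MAX_ARG_STRINGS)` is still reached. The contract should be made explicit where the function is declared, e.g. `// IMPORTANT NOTE: on GKI, execve_handler_pre passes NULL for argv/envp/flags; every use below must be NULL-guarded and the caller must never pass a stale pointer`, and the caller (not in this diff) should be confirmed to really pass NULL. When `envp` is NULL the Android 8~9 second-stage detection branch is now skipped silently; a `pr_warn_once("/init: envp unavailable, skipping second-stage detection\n");` in an else branch would make GKI/WSA boot problems diagnosable instead of masking them. `ksu_handle_execveat_ksud` starts in the first hunk and continues past the last one, so any use of the renamed `flags` parameter below line 214 is not visible here and needs the same guard.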
