Date:	Fri, 17 Apr 2015 15:19:04 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	LKML <linux-kernel@...r.kernel.org>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Sasha Levin <sasha.levin@...cle.com>,
	Andrey Ryabinin <a.ryabinin@...sung.com>
Subject: [for-next][PATCH] tracing: Fix possible out of bounds memory access
 when parsing enums

  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git
for-next

Head SHA1: 3193899d4dd54056f8c2e0b1e40dd6e2f0009f28


Steven Rostedt (Red Hat) (1):
      tracing: Fix possible out of bounds memory access when parsing enums

----
 kernel/trace/trace_events.c | 6 ++++++
 1 file changed, 6 insertions(+)
---------------------------
commit 3193899d4dd54056f8c2e0b1e40dd6e2f0009f28
Author: Steven Rostedt (Red Hat) <rostedt@...dmis.org>
Date:   Fri Apr 17 10:27:57 2015 -0400

    tracing: Fix possible out of bounds memory access when parsing enums
    
    The code that replaces the enum names with the enum values in the
    tracepoints' format files could possibly miss the end of string nul
    character. This was caused by processing things like backslashes, quotes
    and other tokens. After processing the tokens, a check for the nul
    character needed to be done before continuing the loop, because the loop
    incremented the pointer before doing the check, which could bypass the nul
    character.
    
    Link: http://lkml.kernel.org/r/552E661D.5060502@oracle.com
    
    Reported-by: Sasha Levin <sasha.levin@...cle.com> # via KASan
    Tested-by: Andrey Ryabinin <a.ryabinin@...sung.com>
    Fixes: 0c564a538aa9 "tracing: Add TRACE_DEFINE_ENUM() macro to map enums to their values"
    Signed-off-by: Steven Rostedt <rostedt@...dmis.org>

diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index 36a957c996c7..b49c107f82ac 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -1760,6 +1760,8 @@ static void update_event_printk(struct ftrace_event_call *call,
 				ptr++;
 				/* Check for alpha chars like ULL */
 			} while (isalnum(*ptr));
+			if (!*ptr)
+				break;
 			/*
 			 * A number must have some kind of delimiter after
 			 * it, and we can ignore that too.
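
Review bot: The added `if (!*ptr) break;` right after the `while (isalnum(*ptr))` loop has no comment, while the code around it comments every step. A one-line comment stating that the enclosing loop advances ptr before it tests for the nul (the reason given in the commit message) would stop a later cleanup from dropping the check as redundant with the loop condition.
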
@@ -1786,12 +1788,16 @@ static void update_event_printk(struct ftrace_event_call *call,
 			do {
 				ptr++;
 			} while (isalnum(*ptr) || *ptr == '_');
+			if (!*ptr)
+				break;
 			/*
 			 * If what comes after this variable is a '.' or
 			 * '->' then we can continue to ignore that string.
 			 */
 			if (*ptr == '.' || (ptr[0] == '-' && ptr[1] == '>')) {
 				ptr += *ptr == '.' ? 1 : 2;
+				if (!*ptr)
+					break;
 				goto skip_more;
 			}
 			/*
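
Review bot: The check added after `ptr += *ptr == '.' ? 1 : 2;` is the third copy of `if (!*ptr) break;` in this patch, which points at a structural hazard: every branch that advances ptr has to remember to re-test for the nul before control reaches code that increments first, such as the `do { ptr++; }` loop at the top of this hunk. It is worth confirming that no branch of update_event_printk() outside these two hunks advances ptr without the same test, and a follow-up that makes the outer loop test `*ptr` before incrementing would remove the need for per-branch checks.
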
--