lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1431603304-162571-7-git-send-email-long.wanglong@huawei.com>
Date:	Thu, 14 May 2015 11:34:53 +0000
From:	Wang Long <long.wanglong@...wei.com>
To:	<rostedt@...dmis.org>, <jkosina@...e.cz>,
	<gregkh@...uxfoundation.org>
CC:	<stable@...r.kernel.org>, <wanglong@...qinren.net>,
	<peifeiyue@...wei.com>, <linux-kernel@...r.kernel.org>,
	<morgan.wang@...wei.com>, <paulmck@...ux.vnet.ibm.com>,
	<pmladek@...e.cz>, <dzickus@...hat.com>, <x86@...nel.org>,
	<sasha.levin@...cle.com>
Subject: [RFC PATCH 06/17] tracing: Use trace_seq_used() and seq_buf_used() instead of len

From: "Steven Rostedt (Red Hat)" <rostedt@...dmis.org>

commit 5ac48378414dccca735897c4d7f4e19987c8977c upstream.

As the seq_buf->len will soon be +1 size when there's an overflow, we
must use trace_seq_used() or seq_buf_used() methods to get the real
length. This will prevent buffer overflow issues if just the len
of the seq_buf descriptor is used to copy memory.

Link: http://lkml.kernel.org/r/20141114121911.09ba3d38@gandalf.local.home

Reported-by: Petr Mladek <pmladek@...e.cz>
[wanglong: backport to 3.10 stable
- only backport seq_buf related
]
Signed-off-by: Wang Long <long.wanglong@...wei.com>
Signed-off-by: Steven Rostedt <rostedt@...dmis.org>
---
 kernel/trace/seq_buf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/seq_buf.c b/kernel/trace/seq_buf.c
index 9ec5305..ce17f65 100644
--- a/kernel/trace/seq_buf.c
+++ b/kernel/trace/seq_buf.c
@@ -328,7 +328,7 @@ int seq_buf_to_user(struct seq_buf *s, char __user *ubuf, int cnt)
 	if (s->len <= s->readpos)
 		return -EBUSY;
 
-	len = s->len - s->readpos;
+	len = seq_buf_used(s) - s->readpos;
 	if (cnt > len)
 		cnt = len;
 	ret = copy_to_user(ubuf, s->buffer + s->readpos, cnt);
-- 
1.8.3.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ