| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 Sep 2015 09:38:13 +0300
From: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Ingo Molnar <mingo@...hat.com>,
"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
Arnaldo Carvalho de Melo <acme@...radead.org>,
Vince Weaver <vince@...ter.net>,
Stephane Eranian <eranian@...gle.com>,
Johannes Berg <johannes@...solutions.net>
Subject: Re: [PATCH v2 1/6] perf: Introduce extended syscall error reporting
Andy Shevchenko <andy.shevchenko@...il.com> writes:
> On Mon, Aug 24, 2015 at 5:32 PM, Alexander Shishkin
> <alexander.shishkin@...ux.intel.com> wrote:
>> + /* trim the buffer to the supplied boundary */
>> + len = strlen(buffer);
>> + if (len >= attr->perf_err_size) {
>> + len = attr->perf_err_size - 1;
>> + buffer[len] = 0;
>> + }
>
> len = strnlen(buffer, attr->perf_err_size);
> buffer[len] = 0;
>
> And perhaps perf_err_size has to be length (perf_err_len) ?
>
>> +
>> + if (copy_to_user((void __user *)attr->perf_err, buffer, len + 1)) {
>> + /* if we failed to copy once, don't bother later */
>> + attr->perf_err_size = 0;
>
> Kaboom next time on buffer[-1] = 0; since len >= 0?
Of course, we never get here if attr::perf_err_size is 0, there's an
explicit check for that, but nice try.
Regards,
--
Alex
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists