Date:   Tue, 18 Apr 2017 12:52:10 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     "'Naveen N. Rao'" <naveen.n.rao@...ux.vnet.ibm.com>,
        Michael Ellerman <mpe@...erman.id.au>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
        "Masami Hiramatsu" <mhiramat@...nel.org>,
        Ingo Molnar <mingo@...nel.org>
Subject: RE: [PATCH v2 1/5] kprobes: convert kprobe_lookup_name() to a
 function

From: Naveen N. Rao
> Sent: 12 April 2017 11:58
...
> +kprobe_opcode_t *kprobe_lookup_name(const char *name)
> +{
...
> +	char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
> +	const char *modsym;
> +	bool dot_appended = false;
> +	if ((modsym = strchr(name, ':')) != NULL) {
> +		modsym++;
> +		if (*modsym != '\0' && *modsym != '.') {
> +			/* Convert to <module:.symbol> */
> +			strncpy(dot_name, name, modsym - name);
> +			dot_name[modsym - name] = '.';
> +			dot_name[modsym - name + 1] = '\0';
> +			strncat(dot_name, modsym,
> +				sizeof(dot_name) - (modsym - name) - 2);
> +			dot_appended = true;
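Review bot: the stores to `dot_name[modsym - name]` and `dot_name[modsym - name + 1]`, and the `strncat()` bound, all use `modsym - name` without any check against `sizeof(dot_name)` in the visible lines. If the ':' sits at or beyond the end of the buffer, both stores land out of bounds, and `sizeof(dot_name) - (modsym - name) - 2` wraps to a very large `size_t`, so `strncat()` is effectively unbounded. Suggest checking that the prefix, the added '.', the symbol and the terminating NUL all fit before the first copy, and skipping the conversion (or returning an error) when they do not. Alternatively, build the string with one `snprintf(dot_name, sizeof(dot_name), ...)` call and test its return value for truncation.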

If the ':' is 'a way down' name[] then although the strncpy() won't
overrun dot_name[] the rest of the code can.

The strncat() call is particularly borked.

	David
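The conversion discussed in this message, with the length check done before any store, as an added user-space example (not code from the patch or from the kernel). The helper name `add_dot_prefix`, its return convention and the two size constants are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this user-space demo; the kernel defines its own. */
#define MODULE_NAME_LEN 56
#define KSYM_NAME_LEN   128
#define DOT_NAME_LEN    (MODULE_NAME_LEN + 1 + KSYM_NAME_LEN)

/*
 * Hypothetical helper: rewrite "module:symbol" as "module:.symbol" in out.
 * Returns 1 if converted, 0 if no conversion applies (no ':', empty symbol,
 * or symbol already starts with '.'), -1 if the result would not fit.
 */
static int add_dot_prefix(const char *name, char *out, size_t outlen)
{
    const char *modsym = strchr(name, ':');
    size_t prefix, symlen;

    if (!modsym)
        return 0;
    modsym++;
    if (*modsym == '\0' || *modsym == '.')
        return 0;

    prefix = (size_t)(modsym - name);   /* "module:" including the ':' */
    symlen = strlen(modsym);

    /* Need prefix + '.' + symbol + NUL <= outlen, written without wraparound. */
    if (outlen < 2 || prefix > outlen - 2 || symlen > outlen - 2 - prefix)
        return -1;

    memcpy(out, name, prefix);
    out[prefix] = '.';
    memcpy(out + prefix + 1, modsym, symlen + 1);   /* copies the NUL too */
    return 1;
}

int main(void)
{
    char dot_name[DOT_NAME_LEN];
    char far_colon[400];    /* constructed input: ':' at offset 300 */

    memset(far_colon, 'a', 300);
    strcpy(far_colon + 300, ":sym");

    if (add_dot_prefix("mod:sym", dot_name, sizeof(dot_name)) == 1)
        printf("%s\n", dot_name);
    printf("%d\n", add_dot_prefix(far_colon, dot_name, sizeof(dot_name)));
    return 0;
}
```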
