| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181111174751.kaw2d7gsatiezagu@decadent.org.uk>
Date: Tue, 20 Nov 2018 19:41:37 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] perf tools: Check for over-long path in is_directory()
is_directory() uses sprintf() which could potentially result in a
stack buffer overrun. Change to use snprintf() and assert that
the output fits in the buffer.
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
A better fix would be to pass the directory fd in and use fstatat()
but I don't know whether you want to support older kernel versions
or C libraries that don't support this.
Ben.
tools/perf/util/path.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c
index ca56ba2dd3da..333e20f78ced 100644
--- a/tools/perf/util/path.c
+++ b/tools/perf/util/path.c
@@ -84,8 +84,11 @@ bool is_directory(const char *base_path, const struct dirent *dent)
{
char path[PATH_MAX];
struct stat st;
+ int len;
+
+ len = snprintf(path, sizeof(path), "%s/%s", base_path, dent->d_name);
+ assert((size_t)len < sizeof(path));
- sprintf(path, "%s/%s", base_path, dent->d_name);
if (stat(path, &st))
return false;
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists