lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 20 Nov 2018 19:41:37 +0000
From:   Ben Hutchings <ben@...adent.org.uk>
To:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     linux-kernel@...r.kernel.org
Subject: [PATCH] perf tools: Check for over-long path in is_directory()

is_directory() uses sprintf() which could potentially result in a
stack buffer overrun.  Change to use snprintf() and assert that
the output fits in the buffer.

Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
A better fix would be to pass the directory fd in and use fstatat()
but I don't know whether you want to support older kernel versions
or C libraries that don't support this.

Ben.

 tools/perf/util/path.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c
index ca56ba2dd3da..333e20f78ced 100644
--- a/tools/perf/util/path.c
+++ b/tools/perf/util/path.c
@@ -84,8 +84,11 @@ bool is_directory(const char *base_path, const struct dirent *dent)
 {
 	char path[PATH_MAX];
 	struct stat st;
+	int len;
+
+	len = snprintf(path, sizeof(path), "%s/%s", base_path, dent->d_name);
+	assert((size_t)len < sizeof(path));
 
-	sprintf(path, "%s/%s", base_path, dent->d_name);
 	if (stat(path, &st))
 		return false;
 

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ