lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2019 20:45:02 +0900 From: Masami Hiramatsu <mhiramat@...nel.org> To: Jann Horn <jannh@...gle.com> Cc: Ingo Molnar <mingo@...nel.org>, Steven Rostedt <rostedt@...dmis.org>, linux-kernel@...r.kernel.org, Song Liu <songliubraving@...com>, Masami Hiramatsu <mhiramat@...nel.org> Subject: Re: [PATCH] perf/core: use strndup_user() instead of buggy open-coded version On Mon, 18 Feb 2019 23:07:23 +0100 Jann Horn <jannh@...gle.com> wrote: > The first version of this method was missing the check for > `ret == PATH_MAX`; then such a check was added, but it didn't call kfree() > on error, so there was still a small memory leak in the error case. > Fix it by using strndup_user() instead of open-coding it. > This looks good to me. Reviewed-by: Masami Hiramatsu <mhiramat@...nel.org> Thank you! > Fixes: 0eadcc7a7bc0 ("perf/core: Fix perf_uprobe_init()") > Signed-off-by: Jann Horn <jannh@...gle.com> > --- > compile-tested only > > kernel/trace/trace_event_perf.c | 14 +++++--------- > 1 file changed, 5 insertions(+), 9 deletions(-) > > diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c > index 76217bbef815..c744b02081c3 100644 > --- a/kernel/trace/trace_event_perf.c > +++ b/kernel/trace/trace_event_perf.c > @@ -299,15 +299,11 @@ int perf_uprobe_init(struct perf_event *p_event, > > if (!p_event->attr.uprobe_path) > return -EINVAL; > - path = kzalloc(PATH_MAX, GFP_KERNEL); > - if (!path) > - return -ENOMEM; > - ret = strncpy_from_user( > - path, u64_to_user_ptr(p_event->attr.uprobe_path), PATH_MAX); > - if (ret == PATH_MAX) > - return -E2BIG; > - if (ret < 0) > - goto out; > + > + path = strndup_user(u64_to_user_ptr(p_event->attr.uprobe_path), > + PATH_MAX); > + if (IS_ERR(path)) > + return PTR_ERR(path); > if (path[0] == '\0') { > ret = -EINVAL; > goto out; > -- > 2.21.0.rc0.258.g878e2cd30e-goog > -- Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists