| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190220165443.152385-1-jannh@google.com>
Date: Wed, 20 Feb 2019 17:54:43 +0100
From: Jann Horn <jannh@...gle.com>
To: Ingo Molnar <mingo@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>, jannh@...gle.com
Cc: linux-kernel@...r.kernel.org, Song Liu <songliubraving@...com>,
Masami Hiramatsu <mhiramat@...nel.org>
Subject: [PATCH v2] perf/core: use strndup_user() instead of buggy open-coded version
The first version of this method was missing the check for
`ret == PATH_MAX`; then such a check was added, but it didn't call kfree()
on error, so there was still a small memory leak in the error case.
Fix it by using strndup_user() instead of open-coding it.
Fixes: 0eadcc7a7bc0 ("perf/core: Fix perf_uprobe_init()")
Signed-off-by: Jann Horn <jannh@...gle.com>
---
v2:
- be compatible with existing error codes (Masami Hiramatsu)
kernel/trace/trace_event_perf.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
index 76217bbef815..4629a6104474 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -299,15 +299,13 @@ int perf_uprobe_init(struct perf_event *p_event,
if (!p_event->attr.uprobe_path)
return -EINVAL;
- path = kzalloc(PATH_MAX, GFP_KERNEL);
- if (!path)
- return -ENOMEM;
- ret = strncpy_from_user(
- path, u64_to_user_ptr(p_event->attr.uprobe_path), PATH_MAX);
- if (ret == PATH_MAX)
- return -E2BIG;
- if (ret < 0)
- goto out;
+
+ path = strndup_user(u64_to_user_ptr(p_event->attr.uprobe_path),
+ PATH_MAX);
+ if (IS_ERR(path)) {
+ ret = PTR_ERR(path);
+ return (ret == -EINVAL) ? -E2BIG : ret;
+ }
if (path[0] == '\0') {
ret = -EINVAL;
goto out;
--
2.21.0.rc0.258.g878e2cd30e-goog
Powered by blists - more mailing lists