lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 06 Mar 2019 05:16:59 -0500
From:   Steven Rostedt <>
Cc:     Ingo Molnar <>,
        Andrew Morton <>,
        Tom Zanussi <>
Subject: [for-next][PATCH 2/2] tracing: Use strncpy instead of memcpy when copying comm in trace.c

From: Tom Zanussi <>

Because there may be random garbage beyond a string's null terminator,
code that might use the entire comm array e.g. histogram keys, can
give unexpected results if that garbage is copied in too, so avoid
that possibility by using strncpy instead of memcpy.


Signed-off-by: Tom Zanussi <>
Suggested-by: Steven Rostedt (VMware) <>
Signed-off-by: Steven Rostedt (VMware) <>
 kernel/trace/trace.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 3835f7ed3293..e9cc47e59d25 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1497,7 +1497,7 @@ __update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu)
 	max_data->critical_start = data->critical_start;
 	max_data->critical_end = data->critical_end;
-	memcpy(max_data->comm, tsk->comm, TASK_COMM_LEN);
+	strncpy(max_data->comm, tsk->comm, TASK_COMM_LEN);
 	max_data->pid = tsk->pid;
 	 * If tsk == current, then use current_uid(), as that does not use
@@ -1923,7 +1923,7 @@ static inline char *get_saved_cmdlines(int idx)
 static inline void set_cmdline(int idx, const char *cmdline)
-	memcpy(get_saved_cmdlines(idx), cmdline, TASK_COMM_LEN);
+	strncpy(get_saved_cmdlines(idx), cmdline, TASK_COMM_LEN);
 static int allocate_cmdlines_buffer(unsigned int val,

Powered by blists - more mailing lists