| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jun 2019 22:16:46 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
Tom Zanussi <tom.zanussi@...ux.intel.com>,
Ravi Bangoria <ravi.bangoria@...ux.ibm.com>,
Namhyung Kim <namhyung@...nel.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>
Subject: Re: [PATCH 16/21] tracing/uprobe: Add per-probe delete from event
On Sat, 1 Jun 2019 00:19:17 +0900
Masami Hiramatsu <mhiramat@...nel.org> wrote:
> +static bool trace_uprobe_match_command_head(struct trace_uprobe *tu,
> + int argc, const char **argv)
> +{
> + char buf[MAX_ARGSTR_LEN + 1];
> + int len;
> +
> + if (!argc)
> + return true;
> +
> + len = strlen(tu->filename);
> + if (argv[0][len] != ':' || strncmp(tu->filename, argv[0], len))
Hmm, isn't it possible that 'len' can be greater than whatever argv[0] is?
The argv[0][len] looks very dangerous to me.
Perhaps that should be changed to:
if (!(!strncmp(tu->filename, argv[0], len) && argv[0][len] == ':'))
That way, the test of argv[0][len] will only happen if argv[0] is of length len.
-- Steve
> + return false;
> +
> + if (tu->ref_ctr_offset == 0)
> + snprintf(buf, sizeof(buf), "0x%0*lx",
> + (int)(sizeof(void *) * 2), tu->offset);
> + else
> + snprintf(buf, sizeof(buf), "0x%0*lx(0x%lx)",
> + (int)(sizeof(void *) * 2), tu->offset,
> + tu->ref_ctr_offset);
> + if (strcmp(buf, &argv[0][len + 1]))
> + return false;
> +
> + argc--; argv++;
> +
> + return trace_probe_match_command_args(&tu->tp, argc, argv);
> +}
> +
Powered by blists - more mailing lists