lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190710081922.GA7020@jagdpanzerIV>
Date:   Wed, 10 Jul 2019 17:19:22 +0900
From:   Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
To:     Vincent Whitchurch <vincent.whitchurch@...s.com>
Cc:     Petr Mladek <pmladek@...e.com>,
        Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
        "sergey.senozhatsky@...il.com" <sergey.senozhatsky@...il.com>,
        "rostedt@...dmis.org" <rostedt@...dmis.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] printk: Do not lose last line in kmsg dump

On (07/10/19 10:04), Vincent Whitchurch wrote:
> > > [..]
> > > 
> > > > @@ -1318,7 +1318,7 @@ static size_t msg_print_text(const struct printk_log *msg, bool syslog,
> > > >  		}
> > > >  
> > > >  		if (buf) {
> > > > -			if (prefix_len + text_len + 1 >= size - len)
> > > > +			if (prefix_len + text_len + 1 > size - len)
> > > >  				break;
> > > 
> > > So with this patch the last byte of the buffer is 0xA. It's a bit
> > > uncomfortable that `len', which we return from msg_print_text(),
> > > now points one byte beyond the buffer:
> > > 
> > > 	buf[len++] = '\n';
> > > 	return len;
> > > 
> > > This is not very common. Not sure what usually happens to kmsg_dump
> > > buffers, but anyone who'd do a rather innocent
> > > 
> > > 	kmsg_dump(buf, &len);
> > > 	buf[len] = 0x00;
> > > 
> > > will write to something which is not a kmsg buffer (in some cases).

[..]

> arch/powerpc/xmon/xmon.c
> 2836:	while (kmsg_dump_get_line_nolock(&dumper, false, buf, sizeof(buf), &len)) {
> 2837-		buf[len] = '\0';
> 
> arch/um/kernel/kmsg_dump.c
> 29:	while (kmsg_dump_get_line(dumper, true, line, sizeof(line), &len)) {
> 30-		line[len] = '\0';
> 
> I guess we should fix these first and leave this patch as is?

We certainly need to fix something here, and I'd say that we
better handle it on the msg_print_text() side. There might be
more kmsg_dump_get_line() users doing `buf[len] = '\0'' in the
future.

	-ss

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ