lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Mar 2020 14:04:44 -0000 From: "tip-bot2 for disconnect3d" <tip-bot2@...utronix.de> To: linux-tip-commits@...r.kernel.org Cc: disconnect3d <dominik.b.czarnota@...il.com>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Changbin Du <changbin.du@...el.com>, Jiri Olsa <jolsa@...hat.com>, John Keeping <john@...anate.com>, Mark Rutland <mark.rutland@....com>, Michael Lentine <mlentine@...gle.com>, Namhyung Kim <namhyung@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Song Liu <songliubraving@...com>, Stephane Eranian <eranian@...gle.com>, Arnaldo Carvalho de Melo <acme@...hat.com>, x86 <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org> Subject: [tip: perf/urgent] perf map: Fix off by one in strncpy() size argument The following commit has been merged into the perf/urgent branch of tip: Commit-ID: db2c549407d4a76563c579e4768f7d6d32afefba Gitweb: https://git.kernel.org/tip/db2c549407d4a76563c579e4768f7d6d32afefba Author: disconnect3d <dominik.b.czarnota@...il.com> AuthorDate: Mon, 09 Mar 2020 11:48:53 +01:00 Committer: Arnaldo Carvalho de Melo <acme@...hat.com> CommitterDate: Mon, 09 Mar 2020 09:34:45 -03:00 perf map: Fix off by one in strncpy() size argument This patch fixes an off-by-one error in strncpy size argument in tools/perf/util/map.c. The issue is that in: strncmp(filename, "/system/lib/", 11) the passed string literal: "/system/lib/" has 12 bytes (without the NULL byte) and the passed size argument is 11. As a result, the logic won't match the ending "/" byte and will pass filepaths that are stored in other directories e.g. "/system/libmalicious/bin" or just "/system/libmalicious". This functionality seems to be present only on Android. I assume the /system/ directory is only writable by the root user, so I don't think this bug has much (or any) security impact. Fixes: eca818369996 ("perf tools: Add automatic remapping of Android libraries") Signed-off-by: disconnect3d <dominik.b.czarnota@...il.com> Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com> Cc: Changbin Du <changbin.du@...el.com> Cc: Jiri Olsa <jolsa@...hat.com> Cc: John Keeping <john@...anate.com> Cc: Mark Rutland <mark.rutland@....com> Cc: Michael Lentine <mlentine@...gle.com> Cc: Namhyung Kim <namhyung@...nel.org> Cc: Peter Zijlstra <peterz@...radead.org> Cc: Song Liu <songliubraving@...com> Cc: Stephane Eranian <eranian@...gle.com> Link: http://lore.kernel.org/lkml/20200309104855.3775-1-dominik.b.czarnota@gmail.com Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com> --- tools/perf/util/map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c index 9542851..b342f74 100644 --- a/tools/perf/util/map.c +++ b/tools/perf/util/map.c @@ -89,7 +89,7 @@ static inline bool replace_android_lib(const char *filename, char *newfilename) return true; } - if (!strncmp(filename, "/system/lib/", 11)) { + if (!strncmp(filename, "/system/lib/", 12)) { char *ndk, *app; const char *arch; size_t ndk_length;
Powered by blists - more mailing lists