| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jan 2021 13:07:21 +0100
From: Petr Mladek <pmladek@...e.com>
To: John Ogness <john.ogness@...utronix.de>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] printk: fix buffer overflow potential for print_text()
On Fri 2021-01-15 13:04:37, Petr Mladek wrote:
> On Thu 2021-01-14 18:10:12, John Ogness wrote:
> > Before commit b6cf8b3f3312 ("printk: add lockless ringbuffer"),
> > msg_print_text() would only write up to size-1 bytes into the
> > provided buffer. Some callers expect this behavior and append
> > a terminator to returned string. In particular:
> >
> > arch/powerpc/xmon/xmon.c:dump_log_buf()
> > arch/um/kernel/kmsg_dump.c:kmsg_dumper_stdout()
> >
> > msg_print_text() has been replaced by record_print_text(), which
> > currently fills the full size of the buffer. This causes a
> > buffer overflow for the above callers.
> >
> > Change record_print_text() so that it will only use size-1 bytes
> > for text data. Also, for paranoia sakes, add a terminator after
> > the text data.
> >
> > And finally, document this behavior so that it is clear that only
> > size-1 bytes are used and a terminator is added.
> >
> > Fixes: b6cf8b3f3312 ("printk: add lockless ringbuffer")
> > Signed-off-by: John Ogness <john.ogness@...utronix.de>
I forgot one thing. We should add stable here:
Cc: stable@...r.kernel.org # 5.10+
No need to resend the patch. I'll add it when pushing the patch.
Best Regards,
Petr
Powered by blists - more mailing lists