| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211013140238.16347-1-sj@kernel.org>
Date: Wed, 13 Oct 2021 14:02:38 +0000
From: SeongJae Park <sj@...nel.org>
To: Xin Hao <xhao@...ux.alibaba.com>
Cc: sjpark@...zon.de, akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/damon: Adjust the size of kbuf array to avoid overflow
Hi Xin,
On Wed, 13 Oct 2021 19:48:54 +0800 Xin Hao <xhao@...ux.alibaba.com> wrote:
> In order to avoid the 'count' size space of kbuf array is
> used up, but a "\0" is still added.
Thank you for this patch! :)
But... I unsure how this can cause a buffer overflow, as 'kbuf' is accessed by
only size-specified functions, namely 'scnprintf()' and
'simple_read_from_buffer()'.
If I'm missing something, please feel free to let me know.
Thanks,
SJ
>
> Signed-off-by: Xin Hao <xhao@...ux.alibaba.com>
> ---
> mm/damon/dbgfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
> index faee070977d8..20c61eed54af 100644
> --- a/mm/damon/dbgfs.c
> +++ b/mm/damon/dbgfs.c
> @@ -247,7 +247,7 @@ static ssize_t dbgfs_kdamond_pid_read(struct file *file,
> char *kbuf;
> ssize_t len;
>
> - kbuf = kmalloc(count, GFP_KERNEL);
> + kbuf = kmalloc(count + 1, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
>
> --
> 2.31.0
>
Powered by blists - more mailing lists