| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220925224204.4e5d341e@gandalf.local.home>
Date: Sun, 25 Sep 2022 22:42:04 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Kassey Li <quic_yingangl@...cinc.com>
Cc: <mingo@...hat.com>, <tj@...nel.org>,
<william.kucharski@...cle.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] cgroup: align the comm length with TASK_COMM_LEN
On Mon, 26 Sep 2022 10:18:55 +0800
Kassey Li <quic_yingangl@...cinc.com> wrote:
> >> @@ -139,12 +139,12 @@ DECLARE_EVENT_CLASS(cgroup_migrate,
> >> __entry->dst_level = dst_cgrp->level;
> >> __assign_str(dst_path, path);
> >> __entry->pid = task->pid;
> >> - __assign_str(comm, task->comm);
> >> + memcpy(__entry->comm, task->comm, TASK_COMM_LEN);
> I think the problem is here, __assign_str using strcpy
> the task->comm here tail is not '\0'
> that's why it out of bounds access.
>
If this is the case, then there's a lot more than just tracing that will
break. There are other places in the kernel has used strcpy() on task->comm,
and many more that do "%s" on task->comm, which would also crash on this.
> do you want to this version or just modify the memcpy or strncpy to do
> with a known length ? please give suggest so I can modify .
I'm guessing a problem exists elsewhere that makes it look like this is the
issue. I suggest finding where the '\0' is dropped (if that is indeed the
case).
-- Steve
Powered by blists - more mailing lists