lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Mar 2024 16:58:22 -0700
From: Andi Kleen <ak@...ux.intel.com>
To: weilin.wang@...el.com
Cc: Namhyung Kim <namhyung@...nel.org>,  Ian Rogers <irogers@...gle.com>,
  Arnaldo Carvalho de Melo <acme@...nel.org>,  Peter Zijlstra
 <peterz@...radead.org>,  Ingo Molnar <mingo@...hat.com>,  Alexander
 Shishkin <alexander.shishkin@...ux.intel.com>,  Jiri Olsa
 <jolsa@...nel.org>,  Adrian Hunter <adrian.hunter@...el.com>,  Kan Liang
 <kan.liang@...ux.intel.com>,  linux-perf-users@...r.kernel.org,
  linux-kernel@...r.kernel.org,  Perry Taylor <perry.taylor@...el.com>,
  Samantha Alt <samantha.alt@...el.com>,  Caleb Biggers
 <caleb.biggers@...el.com>
Subject: Re: [RFC PATCH v4 1/6] perf stat: Parse and find tpebs events when
 parsing metrics to prepare for perf record sampling

weilin.wang@...el.com writes:
> +
> +			new_event->tpebs_name = strdup(id);
> +			*p = '\0';
> +			name = malloc(strlen(id) + 2);
> +			if (!name)
> +				return -ENOMEM;
> +
> +			at = strchr(id, '@');
> +			if (at != NULL) {
> +				*at = '/';
> +				at = strchr(id, '@');
> +				*at = '/';
> +				strcpy(name, id);
> +				strcat(name, "p");
> +			} else {
> +				strcpy(name, id);
> +				strcat(name, ":p");


This seems like a buffer overflow because :p is 3 bytes including 0,
but you only allocate + 2.
You should really use safe string primitives, then you would have
noticed the truncation.

-Andi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ