lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250927085234.6a46c0a2@batman.local.home>
Date: Sat, 27 Sep 2025 08:52:34 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Ivan Pravdin
 <ipravdin.official@...il.com>, Wander Lairson Costa <wander@...hat.com>,
 Tomas Glozar <tglozar@...hat.com>
Subject: [GIT PULL] rtla: Couple of fixes for 6.17


Linus,

Two fixes for rtla in v6.17:

- Fix a buffer overflow in actions_parse()

  The "trigger_c" variable did not account for the nul byte when
  determining its size.

- Fix a compare that had the values reversed

  actions_destroy() is to reallocate when len is greater than the current size,
  but the compare was testing if size is greater than the new length.


Please pull the latest trace-tools-v6.17-rc5 tree, which can be found at:


  git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git
trace-tools-v6.17-rc5

Tag SHA1: 5f0fc72cedf3fd11f298253d0687eb69ea921dfd
Head SHA1: 2227f273b7dc25a791ae6b152550098aa6934b2f


Ivan Pravdin (1):
      rtla: Fix buffer overflow in actions_parse

Wander Lairson Costa (1):
      rtla/actions: Fix condition for buffer reallocation

----
 tools/tracing/rtla/src/actions.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
---------------------------
diff --git a/tools/tracing/rtla/src/actions.c b/tools/tracing/rtla/src/actions.c
index aaf0808125d7..13ff1934d47c 100644
--- a/tools/tracing/rtla/src/actions.c
+++ b/tools/tracing/rtla/src/actions.c
@@ -49,7 +49,7 @@ actions_destroy(struct actions *self)
 static struct action *
 actions_new(struct actions *self)
 {
-	if (self->size >= self->len) {
+	if (self->len >= self->size) {
 		self->size *= 2;
 		self->list = realloc(self->list, self->size * sizeof(struct action));
 	}
@@ -131,7 +131,7 @@ actions_parse(struct actions *self, const char *trigger)
 {
 	enum action_type type = ACTION_NONE;
 	char *token;
-	char trigger_c[strlen(trigger)];
+	char trigger_c[strlen(trigger) + 1];
 
 	/* For ACTION_SIGNAL */
 	int signal = 0, pid = 0;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ