| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Nov 2021 06:04:10 +0000
From: Yafang Shao <laoar.shao@...il.com>
To: akpm@...ux-foundation.org, keescook@...omium.org,
rostedt@...dmis.org, mathieu.desnoyers@...icios.com,
arnaldo.melo@...il.com, pmladek@...e.com, peterz@...radead.org,
viro@...iv.linux.org.uk, valentin.schneider@....com,
qiang.zhang@...driver.com, robdclark@...omium.org,
christian@...uner.io, dietmar.eggemann@....com, mingo@...hat.com,
juri.lelli@...hat.com, vincent.guittot@...aro.org,
davem@...emloft.net, kuba@...nel.org, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, kafai@...com,
songliubraving@...com, yhs@...com, john.fastabend@...il.com,
kpsingh@...nel.org, dennis.dalessandro@...nelisnetworks.com,
mike.marciniszyn@...nelisnetworks.com, dledford@...hat.com,
jgg@...pe.ca
Cc: linux-rdma@...r.kernel.org, netdev@...r.kernel.org,
bpf@...r.kernel.org, linux-perf-users@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, oliver.sang@...el.com, lkp@...el.com,
Yafang Shao <laoar.shao@...il.com>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Andrii Nakryiko <andrii.nakryiko@...il.com>
Subject: [PATCH v7 02/11] fs/exec: make __get_task_comm always get a nul terminated string
If the dest buffer size is smaller than sizeof(tsk->comm), the buffer
will be without null ternimator, that may cause problem. We can make sure
the buffer size not smaller than comm at the callsite to avoid that
problem, but there may be callsite that we can't easily change.
Using strscpy_pad() instead of strncpy() in __get_task_comm() can make
the string always nul ternimated.
Suggested-by: Kees Cook <keescook@...omium.org>
Suggested-by: Steven Rostedt <rostedt@...dmis.org>
Signed-off-by: Yafang Shao <laoar.shao@...il.com>
Reviewed-by: Kees Cook <keescook@...omium.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Cc: Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Steven Rostedt <rostedt@...dmis.org>
Cc: Al Viro <viro@...iv.linux.org.uk>
Cc: Kees Cook <keescook@...omium.org>
Cc: Petr Mladek <pmladek@...e.com>
---
fs/exec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/exec.c b/fs/exec.c
index 404156b5b314..013b707d995d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1209,7 +1209,8 @@ static int unshare_sighand(struct task_struct *me)
char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk)
{
task_lock(tsk);
- strncpy(buf, tsk->comm, buf_size);
+ /* Always NUL terminated and zero-padded */
+ strscpy_pad(buf, tsk->comm, buf_size);
task_unlock(tsk);
return buf;
}
--
2.17.1
Powered by blists - more mailing lists