| Message ID | dfb1a9a26d7f974371ff1d3e29eba80ef075d465.1700913863.git.christophe.jaillet@wanadoo.fr |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp1890239vqx;
Sat, 25 Nov 2023 04:07:18 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IGUzxEhOkCdfS6qaB05UVYYFGqIorH63jdRP/Qycg7nOR8WByhoCuGBc5tTgGcAr5GCXGa1
X-Received: by 2002:a05:6a21:3386:b0:17a:e941:b0a3 with SMTP id
yy6-20020a056a21338600b0017ae941b0a3mr7240682pzb.39.1700914038233;
Sat, 25 Nov 2023 04:07:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1700914038; cv=none;
d=google.com; s=arc-20160816;
b=f0JHSzkksK/czHEsGOJPIPpSv2x2ntBXqnVH5IyObxau3QwRNx/SlsHaMwZ1SoTpff
OPnbzlNyrI+Y2R6qvbzkPNxe7zIwKdLbLiIeWvub+pF0j4nF3UmK1x/iD9cgMTmn8ySL
RLnwr2nUIvRZ81jR6GPrF87xzp0GojqfklWtHJyHQA2/G1PVyuYQnAMCKn/Gd/53O3BY
JjjlTaOqjCmuNhGyCw6iGflQTkFMRCN6W6V/xHJvM/A3W/fijqjuS7kWI4TewQOIq3D3
4hKGSHZzwjqhHkgCvWAK/i2PJoAUFvzl45aHflaLFwxQUyFIFko8cRUPbYF9WtYcp8BE
K68g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=D8jRKKW7qYyj5J7AMcOnTnbOZsoLLJ3CuZOXne3T+xE=;
fh=yWeCKlOWm/no0ngJchUbso50I0jY9XyC+20z6qdiwMs=;
b=TnNPWCGF6tTguSZl3JY7NnJobpdEoHQM856BHCGnaZIUQFCnXNhBZ8eyWfWbOtu2IK
F2FbgwxDAN6x/65RM4gjm47YYRVDGbqu9bHDkw5G3v5qWfoMgjJDE5jJxR5eg6NQKp+w
PUxYGege+52wSl6cWIJY4JMApbWABuoi8ZWIBuwtg9Jxj/Ls++Ep91cUvUTiHVhfY20L
iF6QQfrisDhT6sHJkjdlXDwtcDV6m25vXSPxdDenBGG1ew/ZyZ0Px8tbAQdYx9/ZuzMt
BKfjzX426zreeiRMAzfbD3my9L9Sadfp2WFBT/UbjUkDSPiiye7bp9LYEqUZylSLQwUb
imqg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=FpZCFyMh;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr
Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3])
by mx.google.com with ESMTPS id
g2-20020a17090adb0200b0027d7eebd4c0si5555996pjv.109.2023.11.25.04.07.17
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 25 Nov 2023 04:07:18 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
client-ip=2620:137:e000::3:3;
Authentication-Results: mx.google.com;
dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=FpZCFyMh;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by lipwig.vger.email (Postfix) with ESMTP id 90D3080B0448;
Sat, 25 Nov 2023 04:06:04 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231802AbjKYMFF (ORCPT <rfc822;kernel.ruili@gmail.com>
+ 99 others); Sat, 25 Nov 2023 07:05:05 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34364 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229483AbjKYMFE (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Sat, 25 Nov 2023 07:05:04 -0500
Received: from smtp.smtpout.orange.fr (smtp-18.smtpout.orange.fr
[80.12.242.18])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC13AD72
for <linux-kernel@vger.kernel.org>;
Sat, 25 Nov 2023 04:05:09 -0800 (PST)
Received: from pop-os.home ([92.140.202.140])
by smtp.orange.fr with ESMTPA
id 6rPGrkVZQMoj46rPGrYOrl; Sat, 25 Nov 2023 13:05:07 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wanadoo.fr;
s=t20230301; t=1700913907;
bh=D8jRKKW7qYyj5J7AMcOnTnbOZsoLLJ3CuZOXne3T+xE=;
h=From:To:Cc:Subject:Date;
b=FpZCFyMhyfkRQVTlJ+ul3K9wjaFgrtqzimdWGweVS/sVW5yp047fClM6sgjK4qoLo
BFv3hWrTDEW4138OnhsK5IGjpj48AmQGQ5LTTR4pFERCD/ib/XfiNJLBdQuBrDpX2S
hV8e4JUq/z/s2hYuYIvhPF5d8OqOgyE2AUbvNv2Mu7j9/WVOzsNy15QeLgLf1P4MKE
WmPEigmenEo5j42E04jl2HMYeyq2sguWOPiTmo70ebZzBZoRb2GciK6FSuo1twSShn
+gz0Ux5v0TSvc93oqlD20I7ntiK5lD7Dpr6AJJoidrlcCITvFTg4QUji+tv2OPPN4P
Aug0puK1mLLrg==
X-ME-Helo: pop-os.home
X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI=
X-ME-Date: Sat, 25 Nov 2023 13:05:07 +0100
X-ME-IP: 92.140.202.140
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
To: Jason Wessel <jason.wessel@windriver.com>,
Daniel Thompson <daniel.thompson@linaro.org>,
Douglas Anderson <dianders@chromium.org>,
Martin Hicks <mort@sgi.com>
Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
kgdb-bugreport@lists.sourceforge.net
Subject: [PATCH v2] kdb: Fix a potential buffer overflow in kdb_local()
Date: Sat, 25 Nov 2023 13:05:04 +0100
Message-Id:
<dfb1a9a26d7f974371ff1d3e29eba80ef075d465.1700913863.git.christophe.jaillet@wanadoo.fr>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]);
Sat, 25 Nov 2023 04:06:04 -0800 (PST)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1783537638391949935
X-GMAIL-MSGID: 1783537638391949935
|
| Series |
[v2] kdb: Fix a potential buffer overflow in kdb_local()
|
|
Commit Message
Christophe JAILLET
Nov. 25, 2023, 12:05 p.m. UTC
When appending "[defcmd]" to 'kdb_prompt_str', the size of the string
already in the buffer should be taken into account.
An option could be to switch from strncat() to strlcat() which does the
correct test to avoid such an overflow.
However, this actually looks as dead code, because 'defcmd_in_progress'
can't be true here.
See a more detailed explanation at [1].
[1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/
Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
Changes in v2:
- Delete the strncat() call [Doug Anderson]
v1: https://lore.kernel.org/all/0b1790ca91b71e3362a6a4c2863bc5787b4d60c9.1698501284.git.christophe.jaillet@wanadoo.fr/
---
kernel/debug/kdb/kdb_main.c | 2 --
1 file changed, 2 deletions(-)
Comments
Hi, On Sat, Nov 25, 2023 at 4:05 AM Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote: > > When appending "[defcmd]" to 'kdb_prompt_str', the size of the string > already in the buffer should be taken into account. > > An option could be to switch from strncat() to strlcat() which does the > correct test to avoid such an overflow. > > However, this actually looks as dead code, because 'defcmd_in_progress' > can't be true here. > See a more detailed explanation at [1]. > > [1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/ > > Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)") > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> > --- > Changes in v2: > - Delete the strncat() call [Doug Anderson] > > v1: https://lore.kernel.org/all/0b1790ca91b71e3362a6a4c2863bc5787b4d60c9.1698501284.git.christophe.jaillet@wanadoo.fr/ > --- > kernel/debug/kdb/kdb_main.c | 2 -- > 1 file changed, 2 deletions(-) Reviewed-by: Douglas Anderson <dianders@chromium.org>
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index 6b213c8252d6..d05066cb40b2 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1348,8 +1348,6 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, /* PROMPT can only be set if we have MEM_READ permission. */ snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT"), raw_smp_processor_id()); - if (defcmd_in_progress) - strncat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN); /* * Fetch command from keyboard