From patchwork Sat Nov 25 12:05:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe JAILLET X-Patchwork-Id: 169710 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp1890239vqx; Sat, 25 Nov 2023 04:07:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IGUzxEhOkCdfS6qaB05UVYYFGqIorH63jdRP/Qycg7nOR8WByhoCuGBc5tTgGcAr5GCXGa1 X-Received: by 2002:a05:6a21:3386:b0:17a:e941:b0a3 with SMTP id yy6-20020a056a21338600b0017ae941b0a3mr7240682pzb.39.1700914038233; Sat, 25 Nov 2023 04:07:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700914038; cv=none; d=google.com; s=arc-20160816; b=f0JHSzkksK/czHEsGOJPIPpSv2x2ntBXqnVH5IyObxau3QwRNx/SlsHaMwZ1SoTpff OPnbzlNyrI+Y2R6qvbzkPNxe7zIwKdLbLiIeWvub+pF0j4nF3UmK1x/iD9cgMTmn8ySL RLnwr2nUIvRZ81jR6GPrF87xzp0GojqfklWtHJyHQA2/G1PVyuYQnAMCKn/Gd/53O3BY JjjlTaOqjCmuNhGyCw6iGflQTkFMRCN6W6V/xHJvM/A3W/fijqjuS7kWI4TewQOIq3D3 4hKGSHZzwjqhHkgCvWAK/i2PJoAUFvzl45aHflaLFwxQUyFIFko8cRUPbYF9WtYcp8BE K68g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=D8jRKKW7qYyj5J7AMcOnTnbOZsoLLJ3CuZOXne3T+xE=; fh=yWeCKlOWm/no0ngJchUbso50I0jY9XyC+20z6qdiwMs=; b=TnNPWCGF6tTguSZl3JY7NnJobpdEoHQM856BHCGnaZIUQFCnXNhBZ8eyWfWbOtu2IK F2FbgwxDAN6x/65RM4gjm47YYRVDGbqu9bHDkw5G3v5qWfoMgjJDE5jJxR5eg6NQKp+w PUxYGege+52wSl6cWIJY4JMApbWABuoi8ZWIBuwtg9Jxj/Ls++Ep91cUvUTiHVhfY20L iF6QQfrisDhT6sHJkjdlXDwtcDV6m25vXSPxdDenBGG1ew/ZyZ0Px8tbAQdYx9/ZuzMt BKfjzX426zreeiRMAzfbD3my9L9Sadfp2WFBT/UbjUkDSPiiye7bp9LYEqUZylSLQwUb imqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=FpZCFyMh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id g2-20020a17090adb0200b0027d7eebd4c0si5555996pjv.109.2023.11.25.04.07.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Nov 2023 04:07:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@wanadoo.fr header.s=t20230301 header.b=FpZCFyMh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wanadoo.fr Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 90D3080B0448; Sat, 25 Nov 2023 04:06:04 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231802AbjKYMFF (ORCPT + 99 others); Sat, 25 Nov 2023 07:05:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229483AbjKYMFE (ORCPT ); Sat, 25 Nov 2023 07:05:04 -0500 Received: from smtp.smtpout.orange.fr (smtp-18.smtpout.orange.fr [80.12.242.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC13AD72 for ; Sat, 25 Nov 2023 04:05:09 -0800 (PST) Received: from pop-os.home ([92.140.202.140]) by smtp.orange.fr with ESMTPA id 6rPGrkVZQMoj46rPGrYOrl; Sat, 25 Nov 2023 13:05:07 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wanadoo.fr; s=t20230301; t=1700913907; bh=D8jRKKW7qYyj5J7AMcOnTnbOZsoLLJ3CuZOXne3T+xE=; h=From:To:Cc:Subject:Date; b=FpZCFyMhyfkRQVTlJ+ul3K9wjaFgrtqzimdWGweVS/sVW5yp047fClM6sgjK4qoLo BFv3hWrTDEW4138OnhsK5IGjpj48AmQGQ5LTTR4pFERCD/ib/XfiNJLBdQuBrDpX2S hV8e4JUq/z/s2hYuYIvhPF5d8OqOgyE2AUbvNv2Mu7j9/WVOzsNy15QeLgLf1P4MKE WmPEigmenEo5j42E04jl2HMYeyq2sguWOPiTmo70ebZzBZoRb2GciK6FSuo1twSShn +gz0Ux5v0TSvc93oqlD20I7ntiK5lD7Dpr6AJJoidrlcCITvFTg4QUji+tv2OPPN4P Aug0puK1mLLrg== X-ME-Helo: pop-os.home X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Sat, 25 Nov 2023 13:05:07 +0100 X-ME-IP: 92.140.202.140 From: Christophe JAILLET To: Jason Wessel , Daniel Thompson , Douglas Anderson , Martin Hicks Cc: linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Christophe JAILLET , kgdb-bugreport@lists.sourceforge.net Subject: [PATCH v2] kdb: Fix a potential buffer overflow in kdb_local() Date: Sat, 25 Nov 2023 13:05:04 +0100 Message-Id: X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Sat, 25 Nov 2023 04:06:04 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783537638391949935 X-GMAIL-MSGID: 1783537638391949935 When appending "[defcmd]" to 'kdb_prompt_str', the size of the string already in the buffer should be taken into account. An option could be to switch from strncat() to strlcat() which does the correct test to avoid such an overflow. However, this actually looks as dead code, because 'defcmd_in_progress' can't be true here. See a more detailed explanation at [1]. [1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/ Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)") Signed-off-by: Christophe JAILLET Reviewed-by: Douglas Anderson --- Changes in v2: - Delete the strncat() call [Doug Anderson] v1: https://lore.kernel.org/all/0b1790ca91b71e3362a6a4c2863bc5787b4d60c9.1698501284.git.christophe.jaillet@wanadoo.fr/ --- kernel/debug/kdb/kdb_main.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index 6b213c8252d6..d05066cb40b2 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1348,8 +1348,6 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, /* PROMPT can only be set if we have MEM_READ permission. */ snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT"), raw_smp_processor_id()); - if (defcmd_in_progress) - strncat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN); /* * Fetch command from keyboard