Quantcast

[CVE-2017-0605][Trusty] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[CVE-2017-0605][Trusty] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

Po-Hsu Lin (Sam)
Cherry-picked and adapted from e09e28671cda63e6308b31798b997639120e2a21, as
the commit(939c7a4) for get_saved_cmdlines() is not there for Precise and
Trusty, apply the fix with the same logic.

From: Amey Telawane <[hidden email]>
Strcpy is inherently not safe, and strlcpy() should be used instead.
__trace_find_cmdline() uses strcpy() because the comms saved must have a
terminating nul character, but it doesn't hurt to add the extra protection
of using strlcpy() instead of strcpy().

Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@...

Signed-off-by: Amey Telawane <[hidden email]>
[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477]
Signed-off-by: Amit Pundir <[hidden email]>
[ Updated change log and removed the "- 1" from len parameter ]
Signed-off-by: Steven Rostedt (VMware) <[hidden email]>
(cherry picked from commit e09e28671cda63e6308b31798b997639120e2a21)
CVE-2017-0605
Signed-off-by: Po-Hsu Lin <[hidden email]>
---
 kernel/trace/trace.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4ac996f..8c92acd 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1498,7 +1498,7 @@ void trace_find_cmdline(int pid, char comm[])
  arch_spin_lock(&trace_cmdline_lock);
  map = map_pid_to_cmdline[pid];
  if (map != NO_CMDLINE_MAP)
- strcpy(comm, saved_cmdlines[map]);
+ strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN);
  else
  strcpy(comm, "<...>");
 
--
1.7.9.5


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[CVE-2017-0605][Vivid] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

Po-Hsu Lin (Sam)
From: Amey Telawane <[hidden email]>

Strcpy is inherently not safe, and strlcpy() should be used instead.
__trace_find_cmdline() uses strcpy() because the comms saved must have a
terminating nul character, but it doesn't hurt to add the extra protection
of using strlcpy() instead of strcpy().

Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@...

Signed-off-by: Amey Telawane <[hidden email]>
[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477]
Signed-off-by: Amit Pundir <[hidden email]>
[ Updated change log and removed the "- 1" from len parameter ]
Signed-off-by: Steven Rostedt (VMware) <[hidden email]>
(cherry picked from commit e09e28671cda63e6308b31798b997639120e2a21)
CVE-2017-0605
Signed-off-by: Po-Hsu Lin <[hidden email]>
---
 kernel/trace/trace.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index bd3e6b1..8ec7b7b 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1557,7 +1557,7 @@ static void __trace_find_cmdline(int pid, char comm[])
 
  map = savedcmd->map_pid_to_cmdline[pid];
  if (map != NO_CMDLINE_MAP)
- strcpy(comm, get_saved_cmdlines(map));
+ strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
  else
  strcpy(comm, "<...>");
 }
--
1.7.9.5


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [CVE-2017-0605][Vivid] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

Stefan Bader-2
On 17.05.2017 09:37, Po-Hsu Lin wrote:
> From: Amey Telawane <[hidden email]>
>
> Strcpy is inherently not safe, and strlcpy() should be used instead.
> __trace_find_cmdline() uses strcpy() because the comms saved must have a
> terminating nul character, but it doesn't hurt to add the extra protection
> of using strlcpy() instead of strcpy().

I Vivid is in the same state as Precise (meaning only high and critical).

-Stefan

>
> Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@...
>
> Signed-off-by: Amey Telawane <[hidden email]>
> [AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
> https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477]
> Signed-off-by: Amit Pundir <[hidden email]>
> [ Updated change log and removed the "- 1" from len parameter ]
> Signed-off-by: Steven Rostedt (VMware) <[hidden email]>
> (cherry picked from commit e09e28671cda63e6308b31798b997639120e2a21)
> CVE-2017-0605
> Signed-off-by: Po-Hsu Lin <[hidden email]>
> ---
>  kernel/trace/trace.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index bd3e6b1..8ec7b7b 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -1557,7 +1557,7 @@ static void __trace_find_cmdline(int pid, char comm[])
>  
>   map = savedcmd->map_pid_to_cmdline[pid];
>   if (map != NO_CMDLINE_MAP)
> - strcpy(comm, get_saved_cmdlines(map));
> + strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
>   else
>   strcpy(comm, "<...>");
>  }
>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [CVE-2017-0605][Trusty] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

Stefan Bader-2
In reply to this post by Po-Hsu Lin (Sam)
On 17.05.2017 09:37, Po-Hsu Lin wrote:
> Cherry-picked and adapted from e09e28671cda63e6308b31798b997639120e2a21, as
> the commit(939c7a4) for get_saved_cmdlines() is not there for Precise and
> Trusty, apply the fix with the same logic.

That basically means backported below.

>
> From: Amey Telawane <[hidden email]>
> Strcpy is inherently not safe, and strlcpy() should be used instead.
> __trace_find_cmdline() uses strcpy() because the comms saved must have a
> terminating nul character, but it doesn't hurt to add the extra protection
> of using strlcpy() instead of strcpy().
>
> Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@...
>
> Signed-off-by: Amey Telawane <[hidden email]>
> [AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
> https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477]
> Signed-off-by: Amit Pundir <[hidden email]>
> [ Updated change log and removed the "- 1" from len parameter ]
> Signed-off-by: Steven Rostedt (VMware) <[hidden email]>
> (cherry picked from commit e09e28671cda63e6308b31798b997639120e2a21)
(backported from commit e09e28671cda63e6308b31798b997639120e2a21)

> CVE-2017-0605
> Signed-off-by: Po-Hsu Lin <[hidden email]>
> ---
>  kernel/trace/trace.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 4ac996f..8c92acd 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -1498,7 +1498,7 @@ void trace_find_cmdline(int pid, char comm[])
>   arch_spin_lock(&trace_cmdline_lock);
>   map = map_pid_to_cmdline[pid];
>   if (map != NO_CMDLINE_MAP)
> - strcpy(comm, saved_cmdlines[map]);
> + strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN);
>   else
>   strcpy(comm, "<...>");
>  
>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Loading...