Message ID | 1530019213-2347-1-git-send-email-leitao@debian.org (mailing list archive) |
---|---|
State | Accepted |
Commit | 09a61e894ac852fb063ee0b54fc513b13abcab08 |
Series | [v3,1/2] selftests/powerpc: Fix strncpy usage |
On Tue, 2018-06-26 at 13:20:12 UTC, Breno Leitao wrote:
> There is a buffer overflow in dscr_inherit_test.c test. In main(), strncpy()'s
> third argument is the length of the source, not the size of the destination
> buffer, which makes strncpy() behave like strcpy(), causing a buffer overflow
> if argv[0] is bigger than LEN_MAX (100).
>
> This patch maps 'prog' to the argv[0] memory region, removing the static
> allocation and the LEN_MAX size restriction.
>
> CC: Michael Ellerman <mpe@ellerman.id.au>
> CC: Segher Boessenkool <segher@kernel.crashing.org>
> CC: Anshuman Khandual <khandual@linux.vnet.ibm.com>
> Signed-off-by: Breno Leitao <leitao@debian.org>

Series applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/09a61e894ac852fb063ee0b54fc513

cheers
diff --git a/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c b/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c index 08a8b95e3bc1..55c55f39b6a6 100644 --- a/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c +++ b/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c @@ -19,7 +19,7 @@ */ #include "dscr.h" -static char prog[LEN_MAX]; +static char *prog; static void do_exec(unsigned long parent_dscr) { @@ -104,6 +104,6 @@ int main(int argc, char *argv[]) exit(1); } - strncpy(prog, argv[0], strlen(argv[0])); + prog = argv[0]; return test_harness(dscr_inherit_exec, "dscr_inherit_exec_test"); }
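Review bot: in the first hunk, `static char *prog;` is NULL until main() assigns it and from then on is only an alias of argv[0], so declaring it `static const char *prog;` would document that nothing writes through it and let the compiler reject a later write. This assumes do_exec(), whose body is not shown in the hunk, only reads the pointer.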
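Review bot: in the main() hunk, `prog = argv[0];` stores the pointer without copying, so it relies on argv[0] being non-NULL and unchanged by the time do_exec() runs; the context shows only the tail of an earlier check (`exit(1); }`), so it is worth confirming that check covers argc == 0. The commit message also names dscr_inherit_test.c while the diff changes dscr_inherit_exec_test.c, and the changelog should name the file actually touched.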
There is a buffer overflow in dscr_inherit_test.c test. In main(), strncpy()'s
third argument is the length of the source, not the size of the destination
buffer, which makes strncpy() behave like strcpy(), causing a buffer overflow
if argv[0] is bigger than LEN_MAX (100).

This patch maps 'prog' to the argv[0] memory region, removing the static
allocation and the LEN_MAX size restriction.

CC: Michael Ellerman <mpe@ellerman.id.au>
CC: Segher Boessenkool <segher@kernel.crashing.org>
CC: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Signed-off-by: Breno Leitao <leitao@debian.org>
---
 tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
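The source-bounded strncpy() pattern the commit message describes, next to a destination-bounded copy, as an added example that is not part of the patch or the kernel tree. The LEN_MAX value comes from the commit message; src_bound_terminates(), copy_bounded() and the sample paths are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <string.h>

#define LEN_MAX 100 /* destination size quoted in the commit message */

/* Runs the source-bounded call only on input that fits, into a buffer that
 * is not zero-filled. Returns 1 if the call left dst NUL-terminated. */
static int src_bound_terminates(const char *src)
{
    char dst[LEN_MAX];
    size_t n = strlen(src);

    if (n >= sizeof(dst))
        return 0;                  /* would write past dst: never run it */
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, n);          /* bound taken from the source */
    return dst[n] == '\0';         /* exactly n bytes copied, no terminator */
}

/* Destination-bounded copy (hypothetical helper): always NUL-terminates.
 * Returns 0 if src fit, -1 if it was truncated or dst_size is 0. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);

    if (dst_size == 0)
        return -1;
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char long_path[LEN_MAX + 50];  /* constructed stand-in for a long argv[0] */
    char dst[LEN_MAX];
    int rc;

    memset(long_path, 'A', sizeof(long_path) - 1);
    long_path[sizeof(long_path) - 1] = '\0';
    rc = copy_bounded(dst, sizeof(dst), long_path);
    printf("source bound terminates short input: %d\n",
           src_bound_terminates("./dscr_inherit_exec_test"));
    printf("bounded copy rc=%d, stored length=%zu\n", rc, strlen(dst));
    return 0;
}
```

The removed code never showed the missing terminator because its destination was a zero-initialised static buffer; the overflow on long input is the part that the static storage could not hide.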