[PATCH] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

15 Dec 2018

Hello,
Please picked up this patch for linux 4.4 and 4.9.
This fixes CVE-2017-0605 (Rejected?). Tested in Debian ;)
Thank.
[ Upstream commit e09e28671cda63e6308b31798b997639120e2a21 ]
From: Amey Telawane ameyt@codeaurora.org
Date: Wed, 3 May 2017 15:41:14 +0530
Subject: [PATCH] tracing: Use strlcpy() instead of strcpy() in
 __trace_find_cmdline()
Strcpy is inherently not safe, and strlcpy() should be used instead.
__trace_find_cmdline() uses strcpy() because the comms saved must have a
terminating nul character, but it doesn't hurt to add the extra protection
of using strlcpy() instead of strcpy().
Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linar...
Signed-off-by: Amey Telawane ameyt@codeaurora.org
[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b...]
Signed-off-by: Amit Pundir amit.pundir@linaro.org
[ Updated change log and removed the "- 1" from len parameter ]
Signed-off-by: Steven Rostedt (VMware) rostedt@goodmis.org
---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1862,7 +1862,7 @@ static void __trace_find_cmdline(int pid
map = savedcmd->map_pid_to_cmdline[pid];
    if (map != NO_CMDLINE_MAP)
-		strcpy(comm, get_saved_cmdlines(map));
+		strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
    else
    	strcpy(comm, "<...>");
 }

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()