From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
disconnect3d <dominik.b.czarnota@gmail.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Changbin Du <changbin.du@intel.com>, Jiri Olsa <jolsa@redhat.com>,
John Keeping <john@metanate.com>,
Mark Rutland <mark.rutland@arm.com>,
Michael Lentine <mlentine@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Song Liu <songliubraving@fb.com>,
Stephane Eranian <eranian@google.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 07/23] perf map: Fix off by one in strncpy() size argument
Date: Tue, 17 Mar 2020 18:32:43 -0300
Message-ID: <20200317213259.15494-8-acme@kernel.org>
In-Reply-To: <20200317213259.15494-1-acme@kernel.org>

From: disconnect3d <dominik.b.czarnota@gmail.com>

This patch fixes an off-by-one error in strncpy size argument in
tools/perf/util/map.c. The issue is that in:

        strncmp(filename, "/system/lib/", 11)

the passed string literal: "/system/lib/" has 12 bytes (without the NULL
byte) and the passed size argument is 11. As a result, the logic won't
match the ending "/" byte and will pass filepaths that are stored in
other directories e.g. "/system/libmalicious/bin" or just
"/system/libmalicious".

This functionality seems to be present only on Android. I assume the
/system/ directory is only writable by the root user, so I don't think
this bug has much (or any) security impact.

Fixes: eca818369996 ("perf tools: Add automatic remapping of Android libraries")
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: John Keeping <john@metanate.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Michael Lentine <mlentine@google.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20200309104855.3775-1-dominik.b.czarnota@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/map.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index 95428511300d..b342f744b1fc 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -89,7 +89,7 @@ static inline bool replace_android_lib(const char *filename, char *newfilename)
return true;
}
- if (!strncmp(filename, "/system/lib/", 11)) {
+ if (!strncmp(filename, "/system/lib/", 12)) {
char *ndk, *app;
const char *arch;
size_t ndk_length;
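Review bot: The length on the `+` line is still a hand-counted 12 sitting next to the literal "/system/lib/", which is the same pattern that produced the wrong 11. Deriving it from the literal, e.g. sizeof("/system/lib/") - 1, or using a prefix helper such as strstarts(filename, "/system/lib/"), removes the manual count so the literal and its length cannot drift apart again. Separately, the subject and the first sentence of the changelog name strncpy() while the call changed here is strncmp(); the log should match the code.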
--
2.21.1