From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
disconnect3d <dominik.b.czarnota@gmail.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Changbin Du <changbin.du@intel.com>, Jiri Olsa <jolsa@redhat.com>,
John Keeping <john@metanate.com>,
Mark Rutland <mark.rutland@arm.com>,
Michael Lentine <mlentine@google.com>,
Namhyung Kim <namhyung@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Song Liu <songliubraving@fb.com>,
Stephane Eranian <eranian@google.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 5.4 20/27] perf map: Fix off by one in strncpy() size argument
Date: Wed, 1 Apr 2020 18:17:48 +0200 [thread overview]
Message-ID: <20200401161431.417330886@linuxfoundation.org> (raw)
In-Reply-To: <20200401161414.352722470@linuxfoundation.org>
From: disconnect3d <dominik.b.czarnota@gmail.com>
commit db2c549407d4a76563c579e4768f7d6d32afefba upstream.
This patch fixes an off-by-one error in strncpy size argument in
tools/perf/util/map.c. The issue is that in:
strncmp(filename, "/system/lib/", 11)
the passed string literal: "/system/lib/" has 12 bytes (without the NULL
byte) and the passed size argument is 11. As a result, the logic won't
match the ending "/" byte and will pass filepaths that are stored in
other directories e.g. "/system/libmalicious/bin" or just
"/system/libmalicious".
This functionality seems to be present only on Android. I assume the
/system/ directory is only writable by the root user, so I don't think
this bug has much (or any) security impact.
Fixes: eca818369996 ("perf tools: Add automatic remapping of Android libraries")
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: John Keeping <john@metanate.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Michael Lentine <mlentine@google.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20200309104855.3775-1-dominik.b.czarnota@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/map.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -90,7 +90,7 @@ static inline bool replace_android_lib(c
return true;
}
- if (!strncmp(filename, "/system/lib/", 11)) {
+ if (!strncmp(filename, "/system/lib/", 12)) {
char *ndk, *app;
const char *arch;
size_t ndk_length;
next prev parent reply other threads:[~2020-04-01 16:56 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-01 16:17 [PATCH 5.4 00/27] 5.4.30-rc1 review Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 01/27] mac80211: Check port authorization in the ieee80211_tx_dequeue() case Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 02/27] mac80211: fix authentication with iwlwifi/mvm Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 03/27] serial: sprd: Fix a dereference warning Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 04/27] vt: selection, introduce vc_is_sel Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 05/27] vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 06/27] vt: switch vt_dont_switch to bool Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 07/27] vt: vt_ioctl: remove unnecessary console allocation checks Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 08/27] vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 09/27] vt: vt_ioctl: fix use-after-free in vt_in_use() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 10/27] platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 11/27] bpf: Explicitly memset the bpf_attr structure Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 12/27] bpf: Explicitly memset some bpf info structures declared on the stack Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 13/27] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 14/27] net: ks8851-ml: Fix IO operations, again Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 15/27] clk: imx: Align imx sc clock msg structs to 4 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 16/27] clk: imx: Align imx sc clock parent " Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 17/27] clk: ti: am43xx: Fix clock parent for RTC clock Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 18/27] libceph: fix alloc_msg_with_page_vector() memory leaks Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 19/27] arm64: alternative: fix build with clang integrated assembler Greg Kroah-Hartman
2020-04-01 16:17 ` Greg Kroah-Hartman [this message]
2020-04-01 16:17 ` [PATCH 5.4 21/27] ARM: dts: oxnas: Fix clear-mask property Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 22/27] ARM: bcm2835-rpi-zero-w: Add missing pinctrl name Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 23/27] ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 24/27] ARM: dts: N900: fix onenand timings Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 25/27] ARM: dts: sun8i: r40: Move AHCI device node based on address order Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 26/27] arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 5.4 27/27] arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode Greg Kroah-Hartman
2020-04-02 0:13 ` [PATCH 5.4 00/27] 5.4.30-rc1 review Guenter Roeck
2020-04-02 7:10 ` Jon Hunter
2020-04-02 7:10 ` Jon Hunter
2020-04-02 9:11 ` Naresh Kamboju
2020-04-02 16:51 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200401161431.417330886@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=acme@redhat.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=changbin.du@intel.com \
--cc=dominik.b.czarnota@gmail.com \
--cc=eranian@google.com \
--cc=john@metanate.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mlentine@google.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=songliubraving@fb.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.