From: Chen Gang <gang.chen@asianux.com>
To: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Frederic Weisbecker <fweisbec@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] kernel: tsacct: strncpy, always be sure of NUL terminated.
Date: Mon, 08 Apr 2013 12:03:55 +0800 [thread overview]
Message-ID: <516241AB.7040903@asianux.com> (raw)
In-Reply-To: <CAHGf_=rPcUWc=YvR4YTQJH=+SSEQ40nSYmSQXX_aJLDMquiPGw@mail.gmail.com>
On 2013年04月08日 11:52, KOSAKI Motohiro wrote:
> On Sun, Apr 7, 2013 at 11:27 PM, Chen Gang <gang.chen@asianux.com> wrote:
>> >
>> > for NUL terminated string, always set '\0' at the end.
>> >
>> > Signed-off-by: Chen Gang <gang.chen@asianux.com>
>> > ---
>> > kernel/tsacct.c | 3 ++-
>> > 1 files changed, 2 insertions(+), 1 deletions(-)
>> >
>> > diff --git a/kernel/tsacct.c b/kernel/tsacct.c
>> > index a1dd9a1..01bcc4e 100644
>> > --- a/kernel/tsacct.c
>> > +++ b/kernel/tsacct.c
>> > @@ -78,7 +78,8 @@ void bacct_add_tsk(struct user_namespace *user_ns,
>> > stats->ac_minflt = tsk->min_flt;
>> > stats->ac_majflt = tsk->maj_flt;
>> >
>> > - strncpy(stats->ac_comm, tsk->comm, sizeof(stats->ac_comm));
>> > + strncpy(stats->ac_comm, tsk->comm, sizeof(stats->ac_comm) - 1);
>> > + stats->ac_comm[sizeof(stats->ac_comm) - 1] = '\0';
> sizeof(tsk->comm) is 16 and sizeof(stats->ac_comm) is 32. then this statement
> is strange. and set_task_comm ensure tsk->comm is nul-terminated.
>
> so your code never change the behavior, right?
>
right.
thank you for your information:
originally, I really did not check the sizeof details.
> And, If buggy driver change tsk->comm not to use set_task_comm and tsk->comm
> is not nul-terminated, strncpy() still touch unrelated memory and ac_comm may
> expose kernel internal info. that's bad.
>
>
really, that's bad !
thank you for your information:
originally, I did not think of a buggy driver can change tsk->comm.
:-)
--
Chen Gang
Asianux Corporation
prev parent reply other threads:[~2013-04-08 4:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-08 3:27 [PATCH] kernel: tsacct: strncpy, always be sure of NUL terminated Chen Gang
2013-04-08 3:52 ` KOSAKI Motohiro
2013-04-08 4:03 ` Chen Gang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=516241AB.7040903@asianux.com \
--to=gang.chen@asianux.com \
--cc=ebiederm@xmission.com \
--cc=fweisbec@gmail.com \
--cc=kosaki.motohiro@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.