From: "Jerome Marchand" <jmarchan@redhat.com>
To: Linux Trace Devel <linux-trace-devel@vger.kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
Jerome Marchand <jmarchan@redhat.com>
Subject: [PATCH 23/38] trace-cmd lib: prevent buffer overrun in read_string()
Date: Wed, 5 Jun 2024 15:40:38 +0200
Message-ID: <20240605134054.2626953-24-jmarchan@redhat.com>
In-Reply-To: <20240605134054.2626953-1-jmarchan@redhat.com>

In read_string() we try to write a null character at str(size), which
is out of range:

	if (str) {
		size += i + 1;
		str = realloc(str, size);
		if (!str)
			return NULL;
		memcpy(str + (size - i), buf, i);
		str[size] = 0;
	}

The character that should be zeroed is supposed to be at the size - 1
index, which is the size of str prior to the reallocation plus i. We also
know that buf[i] == 0 so we can simply memcpy that too instead of
zeroing it by hand. That simplifies the code a little.

Fixes an OVERRUN error (CWE-119)

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
---
lib/trace-cmd/trace-input.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/trace-cmd/trace-input.c b/lib/trace-cmd/trace-input.c
index 3284dbd4..c485acea 100644
--- a/lib/trace-cmd/trace-input.c
+++ b/lib/trace-cmd/trace-input.c
@@ -447,15 +447,13 @@ static char *read_string(struct tracecmd_input *handle)
str = realloc(str, size);
if (!str)
return NULL;
- memcpy(str + (size - i), buf, i);
- str[size] = 0;
+ memcpy(str + (size - i), buf, i + 1);
} else {
size = i + 1;
str = malloc(size);
if (!str)
return NULL;
- memcpy(str, buf, i);
- str[i] = 0;
+ memcpy(str, buf, i + 1);
}
return str;
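Review bot: the new memcpy() in the realloc branch still ends one byte past the buffer. It starts at str + (size - i) and copies i + 1 bytes, so its last byte (the NUL taken from buf[i]) lands at str[size], the same index the removed "str[size] = 0;" wrote, while realloc(str, size) only covers indices 0 to size - 1. The commit message places the terminator at size - 1, which requires the destination to be str + (size - i - 1), that is, the size before "size += i + 1"; with the current offset the byte at that old-size index is also never written. The malloc branch is fine, since i + 1 bytes are copied into an allocation of i + 1 bytes. Both copies now depend on buf[i] == 0, and the loop that establishes this is outside the hunk, so a short comment stating that invariant above the copies would help.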
--
2.44.0