[PATCH v2 1/5] kprobes: convert kprobe_lookup_name() to a function
Naveen N. Rao
naveen.n.rao at linux.vnet.ibm.com
Wed Apr 19 18:08:40 AEST 2017
Excerpts from David Laight's message of April 18, 2017 18:22:
> From: Naveen N. Rao
>> Sent: 12 April 2017 11:58
> ...
>> +kprobe_opcode_t *kprobe_lookup_name(const char *name)
>> +{
> ...
>> + char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
>> + const char *modsym;
>> + bool dot_appended = false;
>> + if ((modsym = strchr(name, ':')) != NULL) {
>> + modsym++;
>> + if (*modsym != '\0' && *modsym != '.') {
>> + /* Convert to <module:.symbol> */
>> + strncpy(dot_name, name, modsym - name);
>> + dot_name[modsym - name] = '.';
>> + dot_name[modsym - name + 1] = '\0';
>> + strncat(dot_name, modsym,
>> + sizeof(dot_name) - (modsym - name) - 2);
>> + dot_appended = true;
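Review bot: nothing in this branch bounds the writes to dot_name[] by the length of 'name'. strncpy(dot_name, name, modsym - name) takes its count from the position of ':' in the source, so a ':' that sits further into name[] than sizeof(dot_name) writes past the buffer, and the two dot_name[modsym - name ...] stores that follow use the same unchecked offset. In that case the strncat() limit, sizeof(dot_name) - (modsym - name) - 2, also wraps to a very large unsigned value and no longer limits anything. Suggest checking, before any copy, that the module part is shorter than MODULE_NAME_LEN and that the symbol part plus the inserted '.' fits in KSYM_NAME_LEN, and returning early otherwise.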
>
> If the ':' is 'a way down' name[] then although the strncpy() won't
> overrun dot_name[] the rest of the code can.
Nice catch, thanks David!
We need to be validating the length of 'name'. I'll put out a patch for
that.
As an aside, I'm not sure I follow what you mean when you say that the
strncpy() won't overrun dot_name[]. If we have a name[] longer than
sizeof(dot_name) with the ':' after that, the strncpy() can also overrun
dot_name[].
- Naveen
>
> The strncat() call is particularly borked.
>
> David
>
>
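An added example, not code from the patch or from either poster: a userspace sketch of the length validation discussed in this message, checking both halves of `module:symbol` before anything is written to the destination. The helper name `make_dot_name`, the two constant values and the sample string are assumptions made for the sketch.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in values for this userspace sketch; the kernel defines its own. */
#define MODULE_NAME_LEN 56
#define KSYM_NAME_LEN   128

/*
 * Hypothetical helper: rewrite "module:symbol" as "module:.symbol" in out.
 * Returns 0 on success, -1 if there is no ':' to convert, the symbol is
 * empty or already dotted, or any part does not fit.
 */
static int make_dot_name(const char *name, char *out, size_t outsz)
{
    const char *colon = strchr(name, ':');
    size_t modlen, symlen;

    if (colon == NULL)
        return -1;
    modlen = (size_t)(colon - name);
    symlen = strlen(colon + 1);

    /* Validate both halves before touching the destination. */
    if (modlen >= MODULE_NAME_LEN || symlen == 0 || colon[1] == '.')
        return -1;
    if (symlen + 1 >= KSYM_NAME_LEN)    /* +1 for the inserted '.' */
        return -1;
    /* "mod" + ":." + "sym" + NUL must fit in the caller's buffer. */
    if (modlen + 2 + symlen + 1 > outsz)
        return -1;

    memcpy(out, name, modlen);
    out[modlen] = ':';
    out[modlen + 1] = '.';
    memcpy(out + modlen + 2, colon + 1, symlen + 1);    /* includes NUL */
    return 0;
}

int main(void)
{
    char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];

    /* Constructed sample input. */
    if (make_dot_name("mymod:my_func", dot_name, sizeof(dot_name)) == 0)
        printf("%s\n", dot_name);
    return 0;
}
```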