[PATCH v3 3/7] kprobes: validate the symbol name length
Naveen N. Rao
naveen.n.rao at linux.vnet.ibm.com
Thu Apr 20 17:19:28 AEST 2017
Excerpts from Michael Ellerman's message of April 20, 2017 11:38:
> "Naveen N. Rao" <naveen.n.rao at linux.vnet.ibm.com> writes:
>
>> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
>> index 6a128f3a7ed1..bb86681c8a10 100644
>> --- a/kernel/kprobes.c
>> +++ b/kernel/kprobes.c
>> @@ -1382,6 +1382,28 @@ bool within_kprobe_blacklist(unsigned long addr)
>> return false;
>> }
>>
>> +bool is_valid_kprobe_symbol_name(const char *name)
>> +{
>> + size_t sym_len;
>> + char *s;
>> +
>> + s = strchr(name, ':');
>> + if (s) {
>> + sym_len = strnlen(s+1, KSYM_NAME_LEN);
>> + if (sym_len <= 0 || sym_len >= KSYM_NAME_LEN)
>> + return false;
>> + sym_len = (size_t)(s - name);
>> + if (sym_len <= 0 || sym_len >= MODULE_NAME_LEN)
>> + return false;
>> + } else {
>> + sym_len = strnlen(name, MODULE_NAME_LEN);
>> + if (sym_len <= 0 || sym_len >= MODULE_NAME_LEN)
>> + return false;
>> + }
>
> I think this is probably more elaborate than it needs to be.
>
> Why not just check the string is <= (MODULE_NAME_LEN + KSYM_NAME_LEN) ?
Yes, that would be sufficient for now.
It's probably just me being paranoid, but I felt it's good to have
stricter checks for user-provided strings, to guard against future
changes to how we process this.
- Naveen
More information about the Linuxppc-dev
mailing list