[PATCH v2] selftests/powerpc: Fix strncpy usage

Breno Leitao leitao at debian.org
Tue Jun 26 07:30:49 AEST 2018


There is a buffer overflow in dscr_inherit_test.c test. In main(), strncpy()'s
third argument is the length of the source, not the size of the destination
buffer, which makes strncpy() behaves like strcpy(), causing a buffer overflow
if argv[0] is bigger than LEN_MAX (100).

This patch allocates 'prog' according to the argv[0] length, avoiding LEN_MAX
restriction.

CC: Segher Boessenkool <segher at kernel.crashing.org>
CC: Anshuman Khandual <khandual at linux.vnet.ibm.com>
Signed-off-by: Breno Leitao <leitao at debian.org>
---
 tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c b/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
index 08a8b95e3bc1..ecac4900c7dd 100644
--- a/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
+++ b/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
@@ -19,7 +19,7 @@
  */
 #include "dscr.h"
 
-static char prog[LEN_MAX];
+static char *prog;
 
 static void do_exec(unsigned long parent_dscr)
 {
@@ -104,6 +104,13 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 
-	strncpy(prog, argv[0], strlen(argv[0]));
+	prog = malloc(strlen(argv[0]) + 1);
+	if (prog == NULL) {
+		fprintf(stderr, "Unable to allocate enough memory\n");
+		exit(1);
+	}
+
+	strcpy(prog, argv[0]);
+
 	return test_harness(dscr_inherit_exec, "dscr_inherit_exec_test");
 }
-- 
2.16.3



More information about the Linuxppc-dev mailing list