Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()

From: Chris Wright
Date: Tue Nov 30 2004 - 13:38:06 EST


* Jeremy Fitzhardinge (jeremy@xxxxxxxx) wrote:
> struct task_struct.comm is defined to be 16 chars, but
> arch/x86_64/sys_ia32.c:sys32_ni_syscall() copies it into a static 8 byte
> buffer, which will surely cause problems. This patch makes lastcomm[]
> the right size, and makes sure it can't be overrun. Since the code also
> goes to the effort of getting a local copy of current in "me", we may as
> well use it for printing the message.

Looks good, but you missed sys32_vm86_warning.

Signed-off-by: Chris Wright <chrisw@xxxxxxxx>

===== arch/x86_64/ia32/sys_ia32.c 1.74 vs edited =====
--- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-11-02 06:40:37 -08:00
+++ edited/arch/x86_64/ia32/sys_ia32.c 2004-11-30 09:42:26 -08:00
@@ -525,11 +525,12 @@ sys32_waitpid(compat_pid_t pid, unsigned
int sys32_ni_syscall(int call)
{
struct task_struct *me = current;
- static char lastcomm[8];
- if (strcmp(lastcomm, me->comm)) {
- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call,
- current->comm);
- strcpy(lastcomm, me->comm);
+ static char lastcomm[sizeof(me->comm)];
+
+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
+ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n",
+ call, me->comm);
+ strncpy(lastcomm, me->comm, sizeof(lastcomm));
}
return -ENOSYS;
}
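Review bot: the `strncpy(lastcomm, me->comm, sizeof(lastcomm))` on the last `+` line leaves `lastcomm` without a NUL terminator whenever `me->comm` fills all of its bytes; that is harmless here only because the `strncmp` above it is bounded by the same `sizeof(lastcomm)` and nothing ever prints `lastcomm`, so either note that in a comment or use `strlcpy(lastcomm, me->comm, sizeof(lastcomm))`, which always terminates and makes the intent explicit. The core of the fix is right: sizing the buffer from `sizeof(me->comm)` instead of the literal 8 removes the overrun for the 16-byte `comm`, and printing `me->comm` instead of `current->comm` matches the `me` already taken two lines above.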
@@ -1125,11 +1126,11 @@ long sys32_fadvise64_64(int fd, __u32 of
long sys32_vm86_warning(void)
{
struct task_struct *me = current;
- static char lastcomm[8];
- if (strcmp(lastcomm, me->comm)) {
+ static char lastcomm[sizeof(me->comm)];
+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n",
me->comm);
- strcpy(lastcomm, me->comm);
+ strncpy(lastcomm, me->comm, sizeof(lastcomm));
}
return -ENOSYS;
}
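Review bot: `lastcomm` is a function-local static that is compared and then overwritten without any lock, so two tasks entering `sys32_vm86_warning` at once on SMP can race on the compare-then-copy; since both `strncmp` and `strncpy` are bounded by `sizeof(lastcomm)`, the worst outcome is a duplicated or swallowed message rather than memory corruption, which is acceptable for a log-suppression heuristic but worth a one-line comment. The hunk is now the same pattern, line for line, as the one in `sys32_ni_syscall`, so consider a small static helper (for example a hypothetical `comm_changed(char *last, size_t len)`) so that the next change does not have to be applied twice, which is exactly how the original patch missed this function.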