Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()

From: Jeremy Fitzhardinge
Date: Tue Nov 30 2004 - 16:44:35 EST

Next message: Alexandre Oliva: "Re: [RFC] Splitting kernel headers and deprecating __KERNEL__"
Previous message: Avi Kivity: "Re: [PATCH] [Request for inclusion] Filesystem in Userspace"
In reply to: Chris Wright: "Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()"
Next in thread: Chris Wright: "Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2004-11-30 at 10:31 -0800, Chris Wright wrote:
> * Jeremy Fitzhardinge (jeremy@xxxxxxxx) wrote:
> > struct task_struct.comm is defined to be 16 chars, but
> > arch/x86_64/sys_ia32.c:sys32_ni_syscall() copies it into a static 8 byte
> > buffer, which will surely cause problems. This patch makes lastcomm[]
> > the right size, and makes sure it can't be overrun. Since the code also
> > goes to the effort of getting a local copy of current in "me", we may as
> > well use it for printing the message.
>
> Looks good, but you missed sys32_vm86_warning.

Hadn't got that far. Should we be worried that task_struct.comm might
not be \0-terminated, and therefore use ("... %.*s ...",
sizeof(lastcomm), lastcomm) in the printk's?

J

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexandre Oliva: "Re: [RFC] Splitting kernel headers and deprecating __KERNEL__"
Previous message: Avi Kivity: "Re: [PATCH] [Request for inclusion] Filesystem in Userspace"
In reply to: Chris Wright: "Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()"
Next in thread: Chris Wright: "Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]