Re: [PATCH] kernel: module: strncpy issue, using strlcpy instead of strncpy
From: Rusty Russell
Date: Mon Apr 08 2013 - 02:33:39 EST
Chen Gang <gang.chen@xxxxxxxxxxx> writes:
> ownername and namebuf are all NUL terminated string.
>
> need always let them ended by '\0'.
>
> Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>
> ---
> kernel/module.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 3c2c72d..597efd8 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1283,7 +1283,7 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
>
> getname:
> /* We must make copy under the lock if we failed to get ref. */
> - strncpy(ownername, module_name(owner), MODULE_NAME_LEN);
> + strlcpy(ownername, module_name(owner), MODULE_NAME_LEN);
This should just be strcpy().
> unlock:
> mutex_unlock(&module_mutex);
> return sym;
> @@ -3464,7 +3464,7 @@ const char *module_address_lookup(unsigned long addr,
> }
> /* Make a copy in here where it's safe */
> if (ret) {
> - strncpy(namebuf, ret, KSYM_NAME_LEN - 1);
> + strlcpy(namebuf, ret, KSYM_NAME_LEN);
This isn't a bug, because the caller (kallsyms_lookup) puts a NUL in
ret[KSYM_NAME_LEN].
However, kallsyms_lookup also calls kallsyms_expand_symbol, which
doesn't stop at KSYM_NAME_LEN, so if a name was longer than that we'd
have a real bug.
Would you like to take a look at that, too?
Thanks,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/