Re: [RFC 1/3] kallsyms: don't leak address when symbol not found
From: Tobin C. Harding
Date: Wed Nov 29 2017 - 19:16:29 EST
I reordered the To's and CC's, I hope this doesn't break
threading. (clearly I haven't groked email yet :( )
On Tue, Nov 28, 2017 at 09:30:17AM +1100, Tobin C. Harding wrote:
> Currently if kallsyms_lookup() fails to find the symbol then the address
> is printed. This potentially leaks sensitive information. Instead of
> printing the address we can return an error, giving the calling code the
> option to print the address or print some sanitized message.
>
> Return error instead of printing address to argument buffer. Leave
> buffer in a sane state.
>
> Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
> ---
> kernel/kallsyms.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 531ffa984bc2..4bfa4ee3ce93 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -394,8 +394,10 @@ static int __sprint_symbol(char *buffer, unsigned long address,
>
> address += symbol_offset;
> name = kallsyms_lookup(address, &size, &offset, &modname, buffer);
> - if (!name)
> - return sprintf(buffer, "0x%lx", address - symbol_offset);
> + if (!name) {
> + buffer[0] = '\0';
> + return -1;
> + }
>
> if (name != buffer)
> strcpy(buffer, name);
> --
> 2.7.4
>
Do you want a Suggested-by: tag for this patch Steve? I mentioned you in
the cover letter but as far as going into the git history I'm not
entirely sure on the protocol for adding suggested-by. The kernel docs
say not to add it without authorization, so ...
thanks,
Tobin.