From: Naveen N. Rao > Sent: 12 April 2017 11:58 ... > +kprobe_opcode_t *kprobe_lookup_name(const char *name) > +{ ... > + char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN]; > + const char *modsym; > + bool dot_appended = false; > + if ((modsym = strchr(name, ':')) != NULL) { > + modsym++; > + if (*modsym != '\0' && *modsym != '.') { > + /* Convert to <module:.symbol> */ > + strncpy(dot_name, name, modsym - name); > + dot_name[modsym - name] = '.'; > + dot_name[modsym - name + 1] = '\0'; > + strncat(dot_name, modsym, > + sizeof(dot_name) - (modsym - name) - 2); > + dot_appended = true;
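Review bot: the two index writes dot_name[modsym - name] = '.' and dot_name[modsym - name + 1] = '\0', and the length handed to strncat(), all assume modsym - name is smaller than sizeof(dot_name), but nothing in this hunk bounds the length of the module prefix before the ':' in the caller-supplied name. When that prefix is longer than MODULE_NAME_LEN + 1, the two stores land past the end of dot_name[], and the strncat() length sizeof(dot_name) - (modsym - name) - 2 is evaluated in size_t, so it wraps to a huge value and the strncat() is effectively unbounded. Suggest rejecting names whose prefix exceeds MODULE_NAME_LEN before any copy, or building the string with a single bounded call such as snprintf(dot_name, sizeof(dot_name), "%.*s.%s", (int)(modsym - name), name, modsym); and treating a return value >= sizeof(dot_name) as a lookup failure.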
If the ':' is 'a way down' name[], then although the strncpy() won't overrun dot_name[], the rest of the code can. The strncat() call is particularly borked.

David