Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1162722AbdDWRY6 (ORCPT ); Sun, 23 Apr 2017 13:24:58 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:48298 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1162526AbdDWRYu (ORCPT ); Sun, 23 Apr 2017 13:24:50 -0400 From: "Naveen N. Rao" To: Jessica Yu , Rusty Russell Cc: Michael Ellerman , Masami Hiramatsu , linux-kernel@vger.kernel.org Subject: [PATCH] kallsyms: Use bounded strnchr() when parsing string Date: Sun, 23 Apr 2017 22:53:43 +0530 X-Mailer: git-send-email 2.12.1 X-TM-AS-MML: disable x-cbid: 17042317-0052-0000-0000-000002326775 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17042317-0053-0000-0000-0000080CF651 Message-Id: <20170423172343.12739-1-naveen.n.rao@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-04-23_16:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1704230317 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 860 Lines: 24 When parsing for the format, we use strchr() to look for the separator, when we know that the module name can't be longer than MODULE_NAME_LEN. Enforce the same using strnchr(). Signed-off-by: Naveen N. Rao --- kernel/module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index 7eba6dea4f41..d3bd56ed3541 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -4017,7 +4017,7 @@ unsigned long module_kallsyms_lookup_name(const char *name) /* Don't lock: we're in enough trouble already. */ preempt_disable(); - if ((colon = strchr(name, ':')) != NULL) { + if ((colon = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) { if ((mod = find_module_all(name, colon - name, false)) != NULL) ret = mod_find_symname(mod, colon+1); } else { -- 2.12.1