Date: Wed, 10 Jan 2018 11:02:06 +0800
From: "Du, Changbin"
To: Steven Rostedt
Cc: changbin.du@intel.com, jolsa@redhat.com, peterz@infradead.org, mingo@redhat.com, alexander.shishkin@linux.intel.com, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 2/3] tracing: make sure the parsed string always terminates with '\0'
Message-ID: <20180110030206.wciy7y4mvtqoqjz3@intel.com>
In-Reply-To: <20180109180258.3936e10a@vmware.local.home>

On Tue, Jan 09, 2018 at 06:02:58PM -0500, Steven Rostedt wrote:
> On Tue, 9 Jan 2018 17:55:47 +0800
> changbin.du@intel.com wrote:
>
> > From: Changbin Du
> >
> > The parser parses every string into parser.buffer. And some of the callers
> > assume that parser.buffer contains a C string. So it is dangerous that the
> > parser returns an unterminated string. The userspace can leverage this to
> > attack the kernel.
>
> Is this only a bug if we apply your first patch?
>
I don't think so. Seems it is there already.

> -- Steve
>

--
Thanks,
Changbin Du
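
The bug class discussed in this thread, as an added userspace example that is not code from the patch or from the kernel: a token parser that fills its buffer without a terminator, next to a form that reserves the last byte. `struct demo_parser` and all function names are hypothetical, and rejecting an over-long token instead of truncating it is this example's own choice.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a token parser; NOT the kernel's struct trace_parser. */
struct demo_parser {
    char   buf[8];  /* token storage that callers later treat as a C string */
    size_t idx;     /* number of token bytes stored */
};

/* Before: fills up to sizeof(buf) bytes and never writes a terminator. */
static size_t parse_unterminated(struct demo_parser *p, const char *in, size_t len)
{
    size_t i = 0;
    p->idx = 0;
    while (i < len && !isspace((unsigned char)in[i]) && p->idx < sizeof(p->buf))
        p->buf[p->idx++] = in[i++];
    return i;  /* bytes consumed */
}

/* After: reserves the last byte, so buf is NUL-terminated on every return path. */
static int parse_terminated(struct demo_parser *p, const char *in, size_t len)
{
    size_t i = 0;
    p->idx = 0;
    while (i < len && !isspace((unsigned char)in[i]) && p->idx < sizeof(p->buf) - 1)
        p->buf[p->idx++] = in[i++];
    p->buf[p->idx] = '\0';                       /* always terminate */
    if (i < len && !isspace((unsigned char)in[i]))
        return -1;                               /* token did not fit: reject */
    return (int)i;                               /* bytes consumed */
}

/* Bounded check: is there a NUL inside buf? Safe even when there is none. */
static int is_c_string(const struct demo_parser *p)
{
    return memchr(p->buf, '\0', sizeof(p->buf)) != NULL;
}

int main(void)
{
    struct demo_parser p;
    memset(p.buf, 'X', sizeof(p.buf));           /* simulate stale non-zero bytes */
    parse_unterminated(&p, "ABCDEFGHIJ", 10);    /* constructed 10-byte token */
    printf("before: terminated=%d\n", is_c_string(&p));
    parse_terminated(&p, "ABCDEFGHIJ", 10);
    printf("after:  terminated=%d buf=\"%s\"\n", is_c_string(&p), p.buf);
    return 0;
}
```

After `parse_unterminated`, any caller that hands `buf` to `strlen`, `strcmp` or a `%s` format reads past the end of the array; `is_c_string` uses a bounded `memchr` so the check itself stays in bounds.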