diff options
author | Zhang Wei <zhangwei519@huawei.com> | 2017-04-24 16:33:05 +0800 |
---|---|---|
committer | Zhang Wei <zhangwei519@huawei.com> | 2017-04-24 16:33:05 +0800 |
commit | 9a01e6bbea1a5b0efc14ad29e2595e535548bc24 (patch) | |
tree | ebb1a91072f3661206a1aebdf0881adf9b9103ed | |
parent | c0b927d327d01d736292baddb64d25b2b2915aee (diff) |
[PATCH] trace: resolve stack corruption due to string copyandroid-wear-7.1.1_r0.25
CVE-2017-0605
Strcpy has no limit on string being copied which causes
stack corruption leading to kernel panic. Use strlcpy to
resolve the issue by providing length of string to be copied.
CRs-fixed: 1048480
Change-Id: Ib290b25f7e0ff96927b8530e5c078869441d409f
Signed-off-by: Amey Telawane <ameyt@codeaurora.org>
-rw-r--r-- | kernel/trace/trace.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 95a760cbf577..65adf1e22a15 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1551,7 +1551,7 @@ static void __trace_find_cmdline(int pid, char comm[]) map = savedcmd->map_pid_to_cmdline[pid]; if (map != NO_CMDLINE_MAP) - strcpy(comm, get_saved_cmdlines(map)); + strlcpy(comm, get_saved_cmdlines(map),TASK_COMM_LEN - 1); else strcpy(comm, "<...>"); } |