summaryrefslogtreecommitdiff
path: root/lib/fault-inject.c
diff options
context:
space:
mode:
authorJohn Ogness <john.ogness@linutronix.de>2021-01-14 18:10:12 +0106
committerPetr Mladek <pmladek@suse.com>2021-01-19 11:42:14 +0100
commitf0e386ee0c0b71ea6f7238506a4d0965a2dbef11 (patch)
treefcb64a3869333c1e7e415bced21a6b7e00d1012e /lib/fault-inject.c
parent89ccf18f032f26946e2ea6258120472eec6aa745 (diff)
printk: fix buffer overflow potential for print_text()
Before the commit 896fbe20b4e2333fb55 ("printk: use the lockless ringbuffer"), msg_print_text() would only write up to size-1 bytes into the provided buffer. Some callers expect this behavior and append a terminator to returned string. In particular: arch/powerpc/xmon/xmon.c:dump_log_buf() arch/um/kernel/kmsg_dump.c:kmsg_dumper_stdout() msg_print_text() has been replaced by record_print_text(), which currently fills the full size of the buffer. This causes a buffer overflow for the above callers. Change record_print_text() so that it will only use size-1 bytes for text data. Also, for paranoia sakes, add a terminator after the text data. And finally, document this behavior so that it is clear that only size-1 bytes are used and a terminator is added. Fixes: 896fbe20b4e2333fb55 ("printk: use the lockless ringbuffer") Cc: stable@vger.kernel.org # 5.10+ Signed-off-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Petr Mladek <pmladek@suse.com> Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Petr Mladek <pmladek@suse.com> Link: https://lore.kernel.org/r/20210114170412.4819-1-john.ogness@linutronix.de
Diffstat (limited to 'lib/fault-inject.c')
0 files changed, 0 insertions, 0 deletions