From 9a01e6bbea1a5b0efc14ad29e2595e535548bc24 Mon Sep 17 00:00:00 2001
From: Zhang Wei <zhangwei519@huawei.com>
Date: Mon, 24 Apr 2017 16:33:05 +0800
Subject: [PATCH] [PATCH] trace: resolve stack corruption due to string copy CVE-2017-0605
Strcpy has no limit on string being copied which causes stack corruption leading to kernel panic. Use strlcpy to resolve the issue by providing length of string to be copied.
CRs-fixed: 1048480
Change-Id: Ib290b25f7e0ff96927b8530e5c078869441d409f
Signed-off-by: Amey Telawane <ameyt@codeaurora.org>
---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 95a760cbf577..65adf1e22a15 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1551,7 +1551,7 @@ static void __trace_find_cmdline(int pid, char comm[])
 map = savedcmd->map_pid_to_cmdline[pid];
 if (map != NO_CMDLINE_MAP)
- strcpy(comm, get_saved_cmdlines(map));
+ strlcpy(comm, get_saved_cmdlines(map),TASK_COMM_LEN - 1);
 else
 strcpy(comm, "<...>");
 }
--
GitLab
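Review bot: The size passed to `strlcpy()` on the added line is `TASK_COMM_LEN - 1`, but strlcpy takes the full destination size and already reserves one byte for the NUL, so this copies at most `TASK_COMM_LEN - 2` characters and silently drops the last character of a full-length comm; `strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);` bounds the write just as well and also restores the space after the comma. The bound only holds if every caller's `comm` buffer is at least `TASK_COMM_LEN` bytes, which the `char comm[]` parameter does not enforce and the hunk does not show (the function body starts above the hunk), so a one-line comment stating that contract would help. strlcpy still runs `strlen()` over the source, so if a saved cmdline entry can be unterminated, which the commit message hints at but the hunk does not show, the read side stays unbounded and the code that stores the entries needs the same bounded copy.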