From 9a01e6bbea1a5b0efc14ad29e2595e535548bc24 Mon Sep 17 00:00:00 2001
From: Zhang Wei <zhangwei519@huawei.com>
Date: Mon, 24 Apr 2017 16:33:05 +0800
Subject: [PATCH] [PATCH] trace: resolve stack corruption due to string copy

CVE-2017-0605

strcpy() places no limit on the length of the string being copied,
which can corrupt the stack and lead to a kernel panic. Use strlcpy()
to resolve the issue by providing the length of the string to be copied.

CRs-fixed: 1048480
Change-Id: Ib290b25f7e0ff96927b8530e5c078869441d409f
Signed-off-by: Amey Telawane <ameyt@codeaurora.org>
---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 95a760cbf577..65adf1e22a15 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1551,7 +1551,7 @@ static void __trace_find_cmdline(int pid, char comm[])
 
 	map = savedcmd->map_pid_to_cmdline[pid];
 	if (map != NO_CMDLINE_MAP)
-		strcpy(comm, get_saved_cmdlines(map));
+		strlcpy(comm, get_saved_cmdlines(map),TASK_COMM_LEN - 1);
 	else
 		strcpy(comm, "<...>");
 }
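Review bot: The bound passed to `strlcpy()` on the added line is `TASK_COMM_LEN - 1`, but strlcpy takes the full destination size and reserves room for the terminator itself, so this copies at most `TASK_COMM_LEN - 2` characters and silently drops the last character of a maximum-length command name. If callers pass a `TASK_COMM_LEN`-byte buffer (the start of `__trace_find_cmdline` and its callers are outside the hunk, so this is inferred from the chosen bound), the call should read `strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);`. Because `comm[]` carries no length, a comment such as `/* comm must point to at least TASK_COMM_LEN bytes */` above the copy would record the contract the bound depends on. The `strcpy(comm, "<...>")` in the else branch copies a fixed six-byte literal and is safe under the same assumption.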
-- 
GitLab