From 9a2b5ee342fdcb17839d4f7b3c5e971517974552 Mon Sep 17 00:00:00 2001
From: z00208928 <zhangwei519@huawei.com>
Date: Tue, 23 May 2017 11:01:31 +0800
Subject: [PATCH] trace: resolve stack corruption due to string copy CVE-2017-0605 Strcpy has no limit on string being copied which causes stack corruption leading to kernel panic. Use strlcpy to resolve the issue by providing length of string to be copied.
CRs-fixed: 1048480
Change-Id: Ib290b25f7e0ff96927b8530e5c078869441d409f
Signed-off-by: Amey Telawane <ameyt@codeaurora.org>
---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 1a65882cac75..cfd57427c937 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1472,7 +1472,7 @@ void trace_find_cmdline(int pid, char comm[])
 arch_spin_lock(&trace_cmdline_lock);
 map = map_pid_to_cmdline[pid];
 if (map != NO_CMDLINE_MAP)
- strcpy(comm, saved_cmdlines[map]);
+ strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN-1);
 else
 strcpy(comm, "<...>");
-- GitLab
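Review bot: The size passed in `strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN-1);` is one too small, because strlcpy() takes the full destination size and reserves the NUL byte itself, so a 15-character command name is cut to 14; `strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN);` is the intended bound. That bound also relies on every caller passing a buffer of at least TASK_COMM_LEN bytes, which `char comm[]` does not enforce and which is worth stating in a comment above the function. strlcpy() still runs strlen() over the source, so if an entry in saved_cmdlines can be stored without a terminator (the writer is outside this hunk, so this is inferred from the commit message) the write is now bounded but the read is not. Terminating the entry where it is saved, or using strscpy() if this tree provides it, would close that gap. The body of trace_find_cmdline starts and ends outside the hunk.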