Thread (21 messages, 3 authors, 2017-04-19)

RE: [PATCH v2 1/5] kprobes: convert kprobe_lookup_name() to a function

From: Naveen N. Rao <hidden>
Date: 2017-04-19 08:09:00
Also in: lkml

Excerpts from David Laight's message of April 18, 2017 18:22:
From: Naveen N. Rao
Sent: 12 April 2017 11:58
...
+kprobe_opcode_t *kprobe_lookup_name(const char *name)
+{
...
+	char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
+	const char *modsym;
+	bool dot_appended = false;
+	if ((modsym = strchr(name, ':')) != NULL) {
+		modsym++;
+		if (*modsym != '\0' && *modsym != '.') {
+			/* Convert to <module:.symbol> */
+			strncpy(dot_name, name, modsym - name);
+			dot_name[modsym - name] = '.';
+			dot_name[modsym - name + 1] = '\0';
+			strncat(dot_name, modsym,
+				sizeof(dot_name) - (modsym - name) - 2);
+			dot_appended = true;
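Review bot: nothing in this hunk bounds the length of `name` against `dot_name`, so an over-long `<module>:<symbol>` string overruns the buffer at several points. `strncpy(dot_name, name, modsym - name)` limits the copy by the input, not by `sizeof(dot_name)`; the two stores `dot_name[modsym - name] = '.'` and `dot_name[modsym - name + 1] = '\0'` index with the same unbounded offset; and once `modsym - name + 2` exceeds `sizeof(dot_name)`, the `strncat()` length `sizeof(dot_name) - (modsym - name) - 2` wraps as an unsigned value and removes the bound entirely. Suggest rejecting the name up front when `strlen(name) + 2 > sizeof(dot_name)` (which also covers a `':'` that sits beyond the buffer), or building the dotted name with one bounded `snprintf(dot_name, sizeof(dot_name), "%.*s.%s", ...)` so no length arithmetic is done by hand.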
If the ':' is 'a way down' name[] then although the strncpy() won't
overrun dot_name[] the rest of the code can.
Nice catch, thanks David!
We need to be validating the length of 'name'. I'll put out a patch for that.

As an aside, I'm not sure I follow what you mean when you say that the strncpy() won't overrun dot_name[]. If we have a name[] longer than sizeof(dot_name) with the ':' after that, the strncpy() can also overrun dot_name[].


- Naveen
The strncat() call is particularly borked.
	David
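The length validation discussed in this thread, as an added C example that is not the kernel's code or the patch under review: a hypothetical build_dot_name() checks strlen(name) against the buffer before writing anything and builds the dotted name with a single bounded snprintf(), so neither the index nor the strncat() length can run past dot_name. The MODULE_NAME_LEN and KSYM_NAME_LEN values are assumed for the example, and the two check helpers exercise both a normal conversion and the over-long inputs David and Naveen describe.

```c
#include <stdio.h>
#include <string.h>
/* Sizes assumed for this stand-alone example; the kernel's real values
 * come from <linux/module.h> and <linux/kallsyms.h>. */
#define MODULE_NAME_LEN 56
#define KSYM_NAME_LEN 128
#define DOT_NAME_LEN (MODULE_NAME_LEN + 1 + KSYM_NAME_LEN)

/* Rewrite "<module>:<symbol>" as "<module>:.<symbol>" into dot_name of size
 * dot_len. Returns 0 on success, -1 if the result cannot fit. The length is
 * checked before any byte is written, so no offset or size_t can overrun. */
static int build_dot_name(const char *name, char *dot_name, size_t dot_len)
{
	size_t name_len = strlen(name);
	const char *modsym = strchr(name, ':');
	if (modsym == NULL || modsym[1] == '\0' || modsym[1] == '.') {
		if (name_len + 1 > dot_len)
			return -1;
		memcpy(dot_name, name, name_len + 1);  /* nothing to insert */
		return 0;
	}
	if (name_len + 2 > dot_len)  /* whole name + inserted '.' + NUL */
		return -1;
	modsym++;
	/* "<module>:" verbatim (modsym - name bytes), then '.', then symbol. */
	snprintf(dot_name, dot_len, "%.*s.%s", (int)(modsym - name), name, modsym);
	return 0;
}

/* Self-check: 1 if name converts to expect, else 0. */
static int converts_to(const char *name, const char *expect)
{
	char dot_name[DOT_NAME_LEN];
	if (build_dot_name(name, dot_name, sizeof(dot_name)) != 0)
		return 0;
	return strcmp(dot_name, expect) == 0;
}

/* Self-check: 1 if a total_len-byte name with ':' at colon_at is rejected. */
static int rejects_long_name(size_t total_len, size_t colon_at)
{
	char name[1024], dot_name[DOT_NAME_LEN];
	if (total_len >= sizeof(name) || colon_at >= total_len)
		return 0;
	memset(name, 'a', total_len);  /* constructed over-long input */
	name[colon_at] = ':';
	name[total_len] = '\0';
	return build_dot_name(name, dot_name, sizeof(dot_name)) == -1;
}
```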