| Message ID | 20211108083840.4627-3-laoar.shao@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | task comm cleanups | expand |
| Context | Check | Description |
|---|---|---|
| bpf/vmtest-bpf | success | VM_Test |
| bpf/vmtest-bpf-PR | success | PR summary |
| bpf/vmtest-bpf-next | success | VM_Test |
| bpf/vmtest-bpf-next-PR | success | PR summary |
| netdev/tree_selection | success | Not a local patch, async |
On 08.11.21 09:38, Yafang Shao wrote: > If the dest buffer size is smaller than sizeof(tsk->comm), the buffer > will be without null ternimator, that may cause problem. Using > strscpy_pad() instead of strncpy() in __get_task_comm() can make the string > always nul ternimated. > > Suggested-by: Kees Cook <keescook@chromium.org> > Suggested-by: Steven Rostedt <rostedt@goodmis.org> > Signed-off-by: Yafang Shao <laoar.shao@gmail.com> > Reviewed-by: Kees Cook <keescook@chromium.org> > Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> > Cc: Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com> > Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com> > Cc: Andrii Nakryiko <andrii.nakryiko@gmail.com> > Cc: Michal Miroslaw <mirq-linux@rere.qmqm.pl> > Cc: Peter Zijlstra <peterz@infradead.org> > Cc: Steven Rostedt <rostedt@goodmis.org> > Cc: Matthew Wilcox <willy@infradead.org> > Cc: David Hildenbrand <david@redhat.com> > Cc: Al Viro <viro@zeniv.linux.org.uk> > Cc: Kees Cook <keescook@chromium.org> > Cc: Petr Mladek <pmladek@suse.com> > --- Reviewed-by: David Hildenbrand <david@redhat.com>
diff --git a/fs/exec.c b/fs/exec.c index 404156b5b314..013b707d995d 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1209,7 +1209,8 @@ static int unshare_sighand(struct task_struct *me) char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) { task_lock(tsk); - strncpy(buf, tsk->comm, buf_size); + /* Always NUL terminated and zero-padded */ + strscpy_pad(buf, tsk->comm, buf_size); task_unlock(tsk); return buf; }