Message ID | 20241007144724.920954-1-leo.yan@arm.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 |
Headers | show |
Series | [v2] tracing: Consider the NULL character when validating the event length | expand |
On Mon, 7 Oct 2024 15:47:24 +0100 Leo Yan <leo.yan@arm.com> wrote: > strlen() returns a string length excluding the null byte. If the string > length equals to the maximum buffer length, the buffer will have no > space for the NULL terminating character. > > This commit checks this condition and returns failure for it. > > Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly") > Signed-off-by: Leo Yan <leo.yan@arm.com> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> Masami, want to take this? -- Steve > --- > > Changes from v1: > Refined for condition checking (Steve). > > kernel/trace/trace_probe.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c > index 39877c80d6cb..16a5e368e7b7 100644 > --- a/kernel/trace/trace_probe.c > +++ b/kernel/trace/trace_probe.c > @@ -276,7 +276,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup, > } > trace_probe_log_err(offset, NO_EVENT_NAME); > return -EINVAL; > - } else if (len > MAX_EVENT_NAME_LEN) { > + } else if (len >= MAX_EVENT_NAME_LEN) { > trace_probe_log_err(offset, EVENT_TOO_LONG); > return -EINVAL; > }
On Mon, 7 Oct 2024 15:47:24 +0100 Leo Yan <leo.yan@arm.com> wrote: > strlen() returns a string length excluding the null byte. If the string > length equals to the maximum buffer length, the buffer will have no > space for the NULL terminating character. > > This commit checks this condition and returns failure for it. > Ah, good catch! The traceprobe_parse_event_name() requires MAX_EVENT_NAME_LEN buffer. ---- /* @buf must has MAX_EVENT_NAME_LEN size */ int traceprobe_parse_event_name(const char **pevent, const char **pgroup, ---- But the macro name is a bit confusing. We may need below and use it around. #define EVENT_NAME_BUFSIZE (MAX_EVENT_NAME_LEN + 1) Anyway, I think this fix is correct. Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Thank you, > Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly") > Signed-off-by: Leo Yan <leo.yan@arm.com> > --- > > Changes from v1: > Refined for condition checking (Steve). > > kernel/trace/trace_probe.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c > index 39877c80d6cb..16a5e368e7b7 100644 > --- a/kernel/trace/trace_probe.c > +++ b/kernel/trace/trace_probe.c > @@ -276,7 +276,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup, > } > trace_probe_log_err(offset, NO_EVENT_NAME); > return -EINVAL; > - } else if (len > MAX_EVENT_NAME_LEN) { > + } else if (len >= MAX_EVENT_NAME_LEN) { > trace_probe_log_err(offset, EVENT_TOO_LONG); > return -EINVAL; > } > -- > 2.34.1 >
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 39877c80d6cb..16a5e368e7b7 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -276,7 +276,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup, } trace_probe_log_err(offset, NO_EVENT_NAME); return -EINVAL; - } else if (len > MAX_EVENT_NAME_LEN) { + } else if (len >= MAX_EVENT_NAME_LEN) { trace_probe_log_err(offset, EVENT_TOO_LONG); return -EINVAL; }
strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it. Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly") Signed-off-by: Leo Yan <leo.yan@arm.com> --- Changes from v1: Refined for condition checking (Steve). kernel/trace/trace_probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)