tracing/filters: NIL-terminate user input filter
Make sure messages from user space are NIL-terminated strings, otherwise we could dump random memory while reading filter file. Try this: # echo 'parent_comm ==' > events/sched/sched_process_fork/filter # cat events/sched/sched_process_fork/filter parent_comm == � Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Tom Zanussi <tzanussi@gmail.com> Acked-by: Frederic Weisbecker <fweisbec@gmail.com> Cc: Steven Rostedt <rostedt@goodmis.org> LKML-Reference: <49E04C32.6060508@cn.fujitsu.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
This commit is contained in:
Li Zefan
Ingo Molnar
@@ -503,6 +503,7 @@ event_filter_write(struct file *filp, const char __user *ubuf, size_t cnt,
|
|||||||
|
|
||||||
if (copy_from_user(&buf, ubuf, cnt))
|
if (copy_from_user(&buf, ubuf, cnt))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
buf[cnt] = '\0';
|
||||||
|
|
||||||
pred = kzalloc(sizeof(*pred), GFP_KERNEL);
|
pred = kzalloc(sizeof(*pred), GFP_KERNEL);
|
||||||
if (!pred)
|
if (!pred)
|
||||||
@@ -569,6 +570,7 @@ subsystem_filter_write(struct file *filp, const char __user *ubuf, size_t cnt,
|
|||||||
|
|
||||||
if (copy_from_user(&buf, ubuf, cnt))
|
if (copy_from_user(&buf, ubuf, cnt))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
buf[cnt] = '\0';
|
||||||
|
|
||||||
pred = kzalloc(sizeof(*pred), GFP_KERNEL);
|
pred = kzalloc(sizeof(*pred), GFP_KERNEL);
|
||||||
if (!pred)
|
if (!pred)
|
||||||
|
|||||||
Reference in New Issue
Block a user