Re: Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()

From: Chris Wright
Date: Tue Nov 30 2004 - 17:18:29 EST


* Jeremy Fitzhardinge (jeremy@xxxxxxxx) wrote:
> On Tue, 2004-11-30 at 10:31 -0800, Chris Wright wrote:
> > * Jeremy Fitzhardinge (jeremy@xxxxxxxx) wrote:
> > > struct task_struct.comm is defined to be 16 chars, but
> > > arch/x86_64/sys_ia32.c:sys32_ni_syscall() copies it into a static 8 byte
> > > buffer, which will surely cause problems. This patch makes lastcomm[]
> > > the right size, and makes sure it can't be overrun. Since the code also
> > > goes to the effort of getting a local copy of current in "me", we may as
> > > well use it for printing the message.
> >
> > Looks good, but you missed sys32_vm86_warning.
>
> Hadn't got that far. Should we be worried that task_struct.comm might
> not be \0-terminated, and therefore use ("... %.*s ...",
> sizeof(lastcomm), lastcomm) in the printk's?

It gets NULL terminated during exec or prctl.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
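The pattern under discussion, as an added example that is not part of the thread or of the kernel source: a 16-byte task name field, a destination buffer sized to match it, a bounded copy that always leaves a terminator, and a `%.*s` format so that even an unterminated source is never read past its end. `struct fake_task`, `copy_comm`, `comm_is_terminated`, `format_comm_warning` and the message text are all constructed for this example; only `TASK_COMM_LEN` (16) and the `lastcomm` name come from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Size of task_struct.comm as stated in the thread (16 bytes). */
#define TASK_COMM_LEN 16

/* Hypothetical stand-in for the task; the real struct is not reproduced here. */
struct fake_task {
    char comm[TASK_COMM_LEN];
};

/* Right-sized buffer; the bug in the thread was an 8-byte one receiving 16 bytes. */
char lastcomm[TASK_COMM_LEN];

/* Returns 1 if comm holds a NUL within its first n bytes, else 0.
 * This is the property Jeremy asks about and Chris says exec/prctl guarantee. */
int comm_is_terminated(const char *comm, size_t n)
{
    return memchr(comm, '\0', n) != NULL;
}

/* Bounded copy: reads at most srcsz bytes of src, writes at most dstsz bytes
 * of dst, and always leaves dst NUL-terminated even if src is not.
 * Returns the number of characters copied, excluding the terminator. */
size_t copy_comm(char *dst, size_t dstsz, const char *src, size_t srcsz)
{
    size_t limit = srcsz < dstsz - 1 ? srcsz : dstsz - 1;
    size_t len = 0;

    while (len < limit && src[len] != '\0')
        len++;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Formats the diagnostic with "%.*s" so the precision, not a terminator,
 * bounds how much of comm is read. The message wording is constructed here,
 * not the kernel's. Returns the length snprintf reports. */
int format_comm_warning(char *out, size_t outsz, const char *comm, size_t commsz)
{
    return snprintf(out, outsz, "%.*s: unimplemented 32-bit syscall",
                    (int)commsz, comm);
}

int main(void)
{
    /* Constructed worst case: exactly 16 characters, so no NUL inside comm. */
    struct fake_task me = { .comm = "abcdefghijklmnop" };
    char msg[64];

    copy_comm(lastcomm, sizeof lastcomm, me.comm, sizeof me.comm);
    format_comm_warning(msg, sizeof msg, me.comm, sizeof me.comm);
    printf("terminated=%d lastcomm=\"%s\"\n%s\n",
           comm_is_terminated(me.comm, sizeof me.comm), lastcomm, msg);
    return 0;
}
```

With a 16-character name the copy keeps 15 characters plus the terminator, while the `%.*s` form prints all 16 because the precision bounds the read; with a short, terminated name such as "bash" both paths print it unchanged.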
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/