RE: [PATCH v2 1/5] kprobes: convert kprobe_lookup_name() to a function
From: David Laight
Date: Tue Apr 18 2017 - 08:52:34 EST
From: Naveen N. Rao
> Sent: 12 April 2017 11:58
...
> +kprobe_opcode_t *kprobe_lookup_name(const char *name)
> +{
...
> + char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
> + const char *modsym;
> + bool dot_appended = false;
> + if ((modsym = strchr(name, ':')) != NULL) {
> + modsym++;
> + if (*modsym != '\0' && *modsym != '.') {
> + /* Convert to <module:.symbol> */
> + strncpy(dot_name, name, modsym - name);
> + dot_name[modsym - name] = '.';
> + dot_name[modsym - name + 1] = '\0';
> + strncat(dot_name, modsym,
> + sizeof(dot_name) - (modsym - name) - 2);
> + dot_appended = true;
If the ':' is 'a way down' name[] then although the strncpy() won't
overrun dot_name[] the rest of the code can.
The strncat() call is particularly borked.
David