summaryrefslogtreecommitdiffstats
path: root/fs/debugfs
diff options
context:
space:
mode:
authorXiaotian Feng <dfeng@redhat.com>2010-10-28 00:34:08 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2010-10-28 03:03:12 +0200
commit1b0d300bd0f047e2edaf9d4b6784189e6c67c3d1 (patch)
treece3777527c949add56658e4d5b2ab02781590931 /fs/debugfs
parentsignals: move cred_guard_mutex from task_struct to signal_struct (diff)
downloadlinux-1b0d300bd0f047e2edaf9d4b6784189e6c67c3d1.tar.xz
linux-1b0d300bd0f047e2edaf9d4b6784189e6c67c3d1.zip
core_pattern: fix truncation by core_pattern handler with long parameters
We met a parameter truncated issue, consider following: > echo "|/root/core_pattern_pipe_test %p /usr/libexec/blah-blah-blah \ %s %c %p %u %g 11 12345678901234567890123456789012345678 %t" > \ /proc/sys/kernel/core_pattern This is okay because the strings is less than CORENAME_MAX_SIZE. "cat /proc/sys/kernel/core_pattern" shows the whole string. but after we run core_pattern_pipe_test in man page, we found last parameter was truncated like below: argc[10]=<12807486> The root cause is core_pattern allows % specifiers, which need to be replaced during parse time, but the replace may expand the strings to larger than CORENAME_MAX_SIZE. So if the last parameter is % specifiers, the replace code is using snprintf(out_ptr, out_end - out_ptr, ...), this will write out of corename array. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Xiaotian Feng <dfeng@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Oleg Nesterov <oleg@redhat.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Reviewed-by: Neil Horman <nhorman@tuxdriver.com> Cc: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/debugfs')
0 files changed, 0 insertions, 0 deletions