On Mon, Nov 24, 2008 at 06:39:35PM +0300, Andrey Mirkin wrote:
> +static int cr_rstr_task_struct(struct cr_ctx *ctx, struct cr_hdr_task *ht)
> +{
> + struct task_struct *t = current;
> + char *buf;
> + int ret = -EINVAL;
> +
> + /* upper limit for task_comm_len to prevent DoS */
> + if (ht->task_comm_len < 0 || ht->task_comm_len > PAGE_SIZE)
> + goto out;
> +
> + buf = kmalloc(ht->task_comm_len, GFP_KERNEL);
> + if (!buf)
> + goto out;
> + ret = cr_read_string(ctx, buf, ht->task_comm_len);
> + if (!ret) {
> + /* if t->comm is too long, silently truncate */
> + memset(t->comm, 0, TASK_COMM_LEN);
> + memcpy(t->comm, buf, min(ht->task_comm_len, TASK_COMM_LEN));
> + }
> + kfree(buf);
> +
> + /* FIXME: restore remaining relevant task_struct fields */
> +out:
> + return ret;
> +}
->comm is only 16 bytes wide, you can just use on-stack variable.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
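Review bot: The memcpy on the truncation path can leave t->comm without a NUL terminator: when ht->task_comm_len is TASK_COMM_LEN or larger, all TASK_COMM_LEN bytes are overwritten and the zero that the preceding memset placed is lost, unless cr_read_string guarantees a NUL within the first task_comm_len bytes of buf (not visible in this hunk). task_comm_len comes from the checkpoint image, so it is an attacker-controlled length, and the rest of the kernel treats comm as a C string. Copy at most TASK_COMM_LEN - 1 bytes so the final zero byte always survives: `memcpy(t->comm, buf, min(ht->task_comm_len, TASK_COMM_LEN - 1));`. With the memset kept before the copy this yields a terminated, zero-padded name for every accepted length, including task_comm_len == 0.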