+ cgroups-add-check-for-strcpy-destination-string-overflow.patch added to -mm tree

akpm@xxxxxxxxxxxxxxxxxxxx · Tue, 05 Oct 2010 13:08:35 -0700

The patch titled
     cgroups: add check for strcpy destination string overflow
has been added to the -mm tree.  Its filename is
     cgroups-add-check-for-strcpy-destination-string-overflow.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this

The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: cgroups: add check for strcpy destination string overflow
From: Evgeny Kuznetsov <ext-eugeny.kuznetsov@xxxxxxxxx>

Function "strcpy" is used without check for maximum allowed source string
length and could cause destination string overflow.  Check for string
length is added before using "strcpy".  Function now is return error if
source string length is more than a maximum.

akpm: presently considered NotABug, but add the check for general
future-safeness and robustness.

Signed-off-by: Evgeny Kuznetsov <EXT-Eugeny.Kuznetsov@xxxxxxxxx>
Acked-by: Paul Menage <menage@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 kernel/cgroup.c |    2 ++
 1 file changed, 2 insertions(+)

diff -puN kernel/cgroup.c~cgroups-add-check-for-strcpy-destination-string-overflow kernel/cgroup.c

--- a/kernel/cgroup.c~cgroups-add-check-for-strcpy-destination-string-overflow
+++ a/kernel/cgroup.c
@@ -1921,6 +1921,8 @@ static int cgroup_release_agent_write(st
 				      const char *buffer)
 {
 	BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
+	if (strlen(buffer) >= PATH_MAX)
+		return -EINVAL;
 	if (!cgroup_lock_live_group(cgrp))
 		return -ENODEV;
 	strcpy(cgrp->root->release_agent_path, buffer);
_

Patches currently in -mm which might be from ext-eugeny.kuznetsov@xxxxxxxxx are

cgroups-add-check-for-strcpy-destination-string-overflow.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





