This is a note to let you know that I've just added the patch titled selftests/nolibc: prevent out of bounds access in expect_vfprintf to the 6.5-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selftests-nolibc-prevent-out-of-bounds-access-in-exp.patch and it can be found in the queue-6.5 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit a3989fb1685f3d178bc255e9303e651ddabc332b Author: Thomas Weißschuh <linux@xxxxxxxxxxxxxx> Date: Thu Aug 3 09:28:56 2023 +0200 selftests/nolibc: prevent out of bounds access in expect_vfprintf [ Upstream commit 9c5e490093e83e165022e0311bd7df5aa06cc860 ] If read() fails and returns -1 (or returns garbage for some other reason) buf would be accessed out of bounds. Only use the return value of read() after it has been validated. Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx> Signed-off-by: Willy Tarreau <w@xxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index 55628a25df0a3..8e7750e2eb97c 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -769,7 +769,6 @@ static int expect_vfprintf(int llen, size_t c, const char *expected, const char lseek(fd, 0, SEEK_SET); r = read(fd, buf, sizeof(buf) - 1); - buf[r] = '\0'; fclose(memfile); @@ -779,6 +778,7 @@ static int expect_vfprintf(int llen, size_t c, const char *expected, const char return 1; } + buf[r] = '\0'; llen += printf(" \"%s\" = \"%s\"", expected, buf); ret = strncmp(expected, buf, c);
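Review bot: In the first hunk, once `buf[r] = '\0';` is dropped from directly after `r = read(fd, buf, sizeof(buf) - 1);`, nothing tells a later editor that `buf` is unterminated from that point until the check further down has passed. A one-line comment at the `read()` call would help, saying that `buf` must not be used as a string until `r` has been validated. It would keep a future debug `printf` of `buf` from reintroducing the same out-of-bounds pattern. The context line `lseek(fd, 0, SEEK_SET);` also ignores its return value. If the later validation is meant to catch a failed seek as well, the commit message could say so.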
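Review bot: In the second hunk, the re-added `buf[r] = '\0';` after the `return 1; }` block is only in bounds if the condition guarding that early return rejects every `r` outside `0 .. sizeof(buf) - 1`, and that condition is not part of the hunk context, so it cannot be confirmed from the diff alone. Please name the check in the commit message, or make the bound explicit next to the store, for example by also testing `r < 0 || (size_t)r >= sizeof(buf)` before the write. That way the safety of the index does not depend on an invariant established elsewhere in the function. The ordering itself looks right: the only visible use of `buf` as a string, the `printf(" \"%s\" = \"%s\"", expected, buf)` and the `strncmp`, comes after the terminator is written.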