Date: Tue, 9 Jan 2018 18:02:58 -0500
From: Steven Rostedt
To: changbin.du@intel.com
Cc: jolsa@redhat.com, peterz@infradead.org, mingo@redhat.com, alexander.shishkin@linux.intel.com, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 2/3] tracing: make sure the parsed string always terminates with '\0'

On Tue, 9 Jan 2018 17:55:47 +0800
changbin.du@intel.com wrote:

> From: Changbin Du
>
> The parser parses every string into parser.buffer. And some of the callers
> assume that parser.buffer contains a C string. So it is dangerous that the
> parser returns an unterminated string. The userspace can leverage this to
> attack the kernel.

Is this only a bug if we apply your first patch?

-- Steve