| Message ID | 20210124202728.4718-1-john.ogness@linutronix.de |
|---|---|
| State | Accepted |
| Commit | 08d60e5999540110576e7c1346d486220751b7f9 |
| Headers | show |
| Series |
|
| Related | show |
On Sun 2021-01-24 21:33:28, John Ogness wrote: > Commit f0e386ee0c0b ("printk: fix buffer overflow potential for > print_text()") added string termination in record_print_text(). > However it used the wrong base pointer for adding the terminator. > This led to a 0-byte being written somewhere beyond the buffer. > > Use the correct base pointer when adding the terminator. > > Fixes: f0e386ee0c0b ("printk: fix buffer overflow potential for print_text()") > Reported-by: Sven Schnelle <svens@linux.ibm.com> > Signed-off-by: John Ogness <john.ogness@linutronix.de> The patch is pushed in kernel/printk.git, branch printk-rework. I am going to send pull request for-5.11 later today. Thanks a lot for the debugging and quick fix. I feel shame that I did not caught this during the review. Best Regards, Petr
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 6639a0cfe0ac..5a95c688621f 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -1398,7 +1398,7 @@ static size_t record_print_text(struct printk_record *r, bool syslog, * not counted in the return value. */ if (buf_size > 0) - text[len] = 0; + r->text_buf[len] = 0; return len; }
Commit f0e386ee0c0b ("printk: fix buffer overflow potential for print_text()") added string termination in record_print_text(). However it used the wrong base pointer for adding the terminator. This led to a 0-byte being written somewhere beyond the buffer. Use the correct base pointer when adding the terminator. Fixes: f0e386ee0c0b ("printk: fix buffer overflow potential for print_text()") Reported-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: John Ogness <john.ogness@linutronix.de> --- kernel/printk/printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)