author Miroslav Benes <mbenes@suse.cz> 2018-12-27 15:51:33 +0100
committer Miroslav Benes <mbenes@suse.cz> 2018-12-27 15:51:33 +0100
commit 6f9dd5e939db5d2ec597ebdb9bb5112fc0705415 (patch)
tree ac636dcb6e47de28ce28aa20248205aac95ae2ae
parent f5f45e54f5b3fac0060974def3b21f8b7cf529e3 (diff)
tracing: Fix regex_match_front() to not over compare the test
string (bsc#1120223).
-rw-r--r-- patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch 41
-rw-r--r-- series.conf 1
2 files changed, 42 insertions, 0 deletions
diff --git a/patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch b/patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
new file mode 100644
index 0000000000..187c9e48fe
--- /dev/null
+++ b/patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
@@ -0,0 +1,41 @@
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Wed, 9 May 2018 11:59:32 -0400
+Subject: tracing: Fix regex_match_front() to not over compare the test string
+Git-commit: dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d
+Patch-mainline: v4.17-rc5
+References: bsc#1120223
+
+The regex match function regex_match_front() in the tracing filter logic,
+was fixed to test just the pattern length from testing the entire test
+string. That is, it went from strncmp(str, r->pattern, len) to
+strcmp(str, r->pattern, r->len).
+
+The issue is that str is not guaranteed to be nul terminated, and if r->len
+is greater than the length of str, it can access more memory than is
+allocated.
+
+The solution is to add a simple test if (len < r->len) return 0.
+
+Cc: stable@vger.kernel.org
+Fixes: 285caad415f45 ("tracing/filters: Fix MATCH_FRONT_ONLY filter matching")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+---
+ kernel/trace/trace_events_filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
+index 1f951b3df60c..7d306b74230f 100644
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -762,6 +762,9 @@ static int regex_match_full(char *str, struct regex *r, int len)
+
+ static int regex_match_front(char *str, struct regex *r, int len)
+ {
++ if (len < r->len)
++ return 0;
++
+ if (strncmp(str, r->pattern, r->len) == 0)
+ return 1;
+ return 0;
+
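Review bot: the new `if (len < r->len) return 0;` guard at the top of regex_match_front() carries no comment, so the reason for it (str is not guaranteed to be NUL-terminated and len is the only bound on it) lives only in the patch description. A one-line comment above the guard would keep a later cleanup from dropping it as redundant with the strncmp() below. The description also quotes the current call as `strcmp(str, r->pattern, r->len)`, while the context line shows `strncmp(str, r->pattern, r->len)`; the code is the one to trust. regex_match_full(), named in the hunk header, takes the same (str, r, len) arguments, so it is worth confirming in the same review that it also bounds its comparison by len.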
diff --git a/series.conf b/series.conf
index 9e6a1a2367..6c13546725 100644
--- a/series.conf
+++ b/series.conf
@@ -23192,6 +23192,7 @@
patches.fixes/tracing-kprobes-allow-to-create-probe-with-a-module-name-starting-with-a-digit.patch
patches.fixes/ring-buffer-mask-out-the-info-bits-when-returning-buffer-page-length.patch
patches.fixes/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch
+ patches.fixes/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
########################################################
# KVM patches
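Review bot: the added series.conf entry depends on an earlier change that this hunk does not show. The patch it enables is tagged `Fixes: 285caad415f45`, and its context lines already contain `strncmp(str, r->pattern, r->len)`, so it applies cleanly only if the backport of that commit appears earlier in series.conf. Please confirm that entry exists above this one. The placement itself, after the other tracing and ring-buffer fixes and before the KVM section banner, is consistent with the neighbouring lines.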