[CVE-2017-0605][Trusty][PATCHv2] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

Po-Hsu Lin po-hsu.lin at canonical.com
Tue May 23 10:00:44 UTC 2017

From: Amey Telawane <ameyt at codeaurora.org>
Strcpy is inherently not safe, and strlcpy() should be used instead.
__trace_find_cmdline() uses strcpy() because the comms saved must have a
terminating nul character, but it doesn't hurt to add the extra protection
of using strlcpy() instead of strcpy().

Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linaro.org

Signed-off-by: Amey Telawane <ameyt at codeaurora.org>
[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
Signed-off-by: Amit Pundir <amit.pundir at linaro.org>
[ Updated change log and removed the "- 1" from len parameter ]
Signed-off-by: Steven Rostedt (VMware) <rostedt at goodmis.org>
(backported from commit e09e28671cda63e6308b31798b997639120e2a21)
Patch modified for related function in older release.
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
 kernel/trace/trace.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4ac996f..8c92acd 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1498,7 +1498,7 @@ void trace_find_cmdline(int pid, char comm[])
 	map = map_pid_to_cmdline[pid];
 	if (map != NO_CMDLINE_MAP)
-		strcpy(comm, saved_cmdlines[map]);
+		strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN);
 		strcpy(comm, "<...>");

More information about the kernel-team mailing list