    core_pattern: fix truncation by core_pattern handler with long parameters · 1b0d300b
    Xiaotian Feng authored
    We met a parameter truncation issue; consider the following:
    > echo "|/root/core_pattern_pipe_test %p /usr/libexec/blah-blah-blah \
    %s %c %p %u %g 11 12345678901234567890123456789012345678 %t" > \
    /proc/sys/kernel/core_pattern
    
    This is okay because the string is less than CORENAME_MAX_SIZE.  "cat
    /proc/sys/kernel/core_pattern" shows the whole string.  But after we ran
    core_pattern_pipe_test from the man page, we found the last parameter was
    truncated, like below:
    
            argc[10]=<12807486>
    
    The root cause is that core_pattern allows % specifiers, which need to be
    replaced at parse time, but the replacement may expand the string to
    larger than CORENAME_MAX_SIZE.  So if the last parameter is a % specifier,
    the replace code uses snprintf(out_ptr, out_end - out_ptr, ...), and this
    will write out of the corename array.
    
    [akpm@linux-foundation.org: coding-style fixes]
    Signed-off-by: Xiaotian Feng <dfeng@redhat.com>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
    Cc: Roland McGrath <roland@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
exec.c 48 KB
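
The failure mode the commit message describes, as an added example in user-space C (it is not the kernel's code and not the fix from this commit): a pattern that fits a fixed buffer can still expand past it, so each snprintf return value has to be compared with the space left before the output pointer is advanced. The name expand_pattern, the 16-byte buffer and the supported specifier subset (%p, %s, %%) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Expand %p (pid), %s (signal) and %% from pat into out[out_size].
 * Returns 0 on success, -1 if the expanded string does not fit.
 * out is NUL-terminated whenever out_size > 0. */
int expand_pattern(const char *pat, long pid, long sig,
                   char *out, size_t out_size)
{
    char *p = out, *end = out + out_size;   /* end: one past the buffer */

    if (out_size == 0)
        return -1;
    out[0] = '\0';
    while (*pat) {
        size_t left = (size_t)(end - p);    /* space left, NUL included */
        int rc = 0;

        if (*pat != '%') {
            rc = snprintf(p, left, "%c", *pat++);
        } else {
            char spec = *++pat;             /* character after '%' */
            if (spec == 'p')
                rc = snprintf(p, left, "%ld", pid);
            else if (spec == 's')
                rc = snprintf(p, left, "%ld", sig);
            else if (spec == '%')
                rc = snprintf(p, left, "%%");
            if (spec != '\0')               /* unknown specifiers emit nothing */
                pat++;
        }
        /* snprintf returns the length it wanted to write. rc >= left means
         * the output was cut short, and p += rc would step past end. */
        if (rc < 0 || (size_t)rc >= left)
            return -1;
        p += rc;
    }
    return 0;
}

int main(void)
{
    char buf[16];                         /* assumed small fixed-size array */
    const char *pat = "aaaaaaaaaaaa%p";   /* constructed: 14 chars, fits buf */
    int rc = expand_pattern(pat, 1234567, 11, buf, sizeof buf);

    printf("pattern len %zu, rc %d, out \"%s\"\n", strlen(pat), rc, buf);
    return 0;
}
```

On the constructed input the function returns -1 and leaves the cut-short string in the buffer, which is the same symptom as the truncated last argument shown in the commit message.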