tracing: Fix regex_match_front() to not over compare the test string
commitpull/10/headdc432c3d7f
upstream. The regex match function regex_match_front() in the tracing filter logic, was fixed to test just the pattern length from testing the entire test string. That is, it went from strncmp(str, r->pattern, len) to strcmp(str, r->pattern, r->len). The issue is that str is not guaranteed to be nul terminated, and if r->len is greater than the length of str, it can access more memory than is allocated. The solution is to add a simple test if (len < r->len) return 0. Cc: stable@vger.kernel.org Fixes:285caad415
("tracing/filters: Fix MATCH_FRONT_ONLY filter matching") Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
586d02c147
commit
8999971292
|
@ -338,6 +338,9 @@ static int regex_match_full(char *str, struct regex *r, int len)
|
||||||
|
|
||||||
static int regex_match_front(char *str, struct regex *r, int len)
|
static int regex_match_front(char *str, struct regex *r, int len)
|
||||||
{
|
{
|
||||||
|
if (len < r->len)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (strncmp(str, r->pattern, r->len) == 0)
|
if (strncmp(str, r->pattern, r->len) == 0)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Loading…
Reference in New Issue