40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
|
From 75d8bba90d8b4cbe1a80381f1dfbd80cbb0fbd60 Mon Sep 17 00:00:00 2001
|
||
|
From: Jerome Marchand <jmarchan@redhat.com>
|
||
|
Date: Tue, 29 Oct 2024 09:01:17 +0100
|
||
|
Subject: [PATCH 8/8] trace-cmd record: Check the length of the protocol
|
||
|
version received
|
||
|
|
||
|
In check_protocol_version we compare the protocol version string with
|
||
|
the expected one ("V3") with memcmp(). The received string could be
|
||
|
longer than the constant string used for the comparison. That could
|
||
|
lead to out of range access.
|
||
|
|
||
|
Use the known length of the fixed "V3" string for the comparison and
|
||
|
check that the received protocol version is not too short.
|
||
|
|
||
|
Fixes a OVERRUN error (CWE-119)
|
||
|
|
||
|
Link: https://lore.kernel.org/20241029080117.625177-9-jmarchan@redhat.com
|
||
|
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
|
||
|
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
|
||
|
---
|
||
|
tracecmd/trace-record.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
|
||
|
index d78c13c2..febf8578 100644
|
||
|
--- a/tracecmd/trace-record.c
|
||
|
+++ b/tracecmd/trace-record.c
|
||
|
@@ -3811,7 +3811,7 @@ static void check_protocol_version(struct tracecmd_msg_handle *msg_handle)
|
||
|
msg_handle->version = V1_PROTOCOL;
|
||
|
tracecmd_plog("Use the v1 protocol\n");
|
||
|
} else {
|
||
|
- if (memcmp(buf, "V3", n) != 0)
|
||
|
+ if (n < 3 || memcmp(buf, "V3", 3) != 0)
|
||
|
die("Cannot handle the protocol %s", buf);
|
||
|
/* OK, let's use v3 protocol */
|
||
|
write(fd, V3_MAGIC, sizeof(V3_MAGIC));
|
||
|
--
|
||
|
2.47.0
|
||
|
|