From bf8b84de0ee1df57c5e880d5745b5cc4691a8b1c Mon Sep 17 00:00:00 2001
From: Jerome Marchand
Date: Wed, 15 Jan 2025 14:41:43 +0100
Subject: [PATCH] Prevent buffer overflow in update_pid_filters()

Resolves: RHEL-56731

Signed-off-by: Jerome Marchand
---
 ...t-buffer-overflow-in-update_pid_filt.patch | 37 +++++++++++++++++++
 trace-cmd.spec | 6 ++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 trace-cmd-Prevent-buffer-overflow-in-update_pid_filt.patch

diff --git a/trace-cmd-Prevent-buffer-overflow-in-update_pid_filt.patch b/trace-cmd-Prevent-buffer-overflow-in-update_pid_filt.patch
new file mode 100644
index 0000000..40406d9
--- /dev/null
+++ b/trace-cmd-Prevent-buffer-overflow-in-update_pid_filt.patch
@@ -0,0 +1,37 @@
+From c76f2404340e4fa3159536355a0e095631fb7920 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand
+Date: Tue, 29 Oct 2024 09:47:05 +0100
+Subject: [PATCH] trace-cmd: Prevent buffer overflow in update_pid_filters()
+
+The buffer in which the updated filter is written in
+update_pid_filters() is missing one byte to store the null character.
+
+It fixes the following error:
+$ trace-cmd start -e irq:* -e sched:* -P 1
+*** buffer overflow detected ***: terminated
+Aborted (core dumped)
+
+Fixes: 5502bcef0f962 ("trace-cmd: Handle filtered PIDs per ftarce instance")
+Link: https://lore.kernel.org/20241029084705.629605-1-jmarchan@redhat.com
+Signed-off-by: Jerome Marchand
+Signed-off-by: Steven Rostedt (Google)
+---
+ tracecmd/trace-record.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
+index 6e9b4535..c7c43e17 100644
+--- a/tracecmd/trace-record.c
++++ b/tracecmd/trace-record.c
+@@ -2852,7 +2852,7 @@ static void update_pid_filters(struct buffer_instance *instance)
+ if (fd < 0)
+ die("Failed to access set_event_pid");
+ 
+- len = instance->len_filter_pids + instance->nr_filter_pids;
++ len = instance->len_filter_pids + instance->nr_filter_pids + 1;
+ filter = malloc(len);
+ if (!filter)
+ die("Failed to allocate pid filter");
+-- 
+2.47.1
+
diff --git a/trace-cmd.spec b/trace-cmd.spec
index c66598b..538d8f8 100644
--- a/trace-cmd.spec
+++ b/trace-cmd.spec
@@ -6,7 +6,7 @@
 Name: trace-cmd
 Version: %{srcversion}
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPL-2.1-only AND LGPL-2.1-or-later AND GPL-2.0-only AND GPL-2.0-or-later
 Summary: A user interface to Ftrace
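Review bot: The new `len = instance->len_filter_pids + instance->nr_filter_pids + 1;` line in the embedded trace-record.c hunk carries the allocation invariant only in the commit message, so the next edit to the size arithmetic has nothing in the code telling it what the extra byte is for; a comment on that line, `/* + 1: room for the terminating NUL of the formatted filter */`, would keep the reason next to the arithmetic. The code that actually formats the PID list into `filter` is outside the hunk, so whether that write is bounded by `len` (snprintf-style) or relies on the size being computed correctly cannot be confirmed from here; the fortify abort quoted in the message suggests the overflow was caught only at runtime, and a bounded write would turn a future miscount into truncation rather than a crash. update_pid_filters() starts and ends outside the hunk.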
@@ -29,6 +29,7 @@ Patch4: trace-cmd-record-Prevent-memory-leak-in-setup_networ.patch
 Patch5: trace-cmd-lib-Prevent-memory-leak-in-tracecmd_create.patch
 Patch6: trace-cmd-mem-Prevent-a-memory-leak-in-trace_mem.patch
 Patch7: trace-cmd-record-Check-the-length-of-the-protocol-ve.patch
+Patch8: trace-cmd-Prevent-buffer-overflow-in-update_pid_filt.patch
 BuildRequires: make
 BuildRequires: gcc
@@ -110,6 +111,9 @@ rm -rf %{buildroot}/%{_mandir}/man3/*
 %{_libdir}/%{name}/python/
 %changelog
+* Wed Jan 15 2025 Jerome Marchand - 3.3.1-2
+- Prevent buffer overflow in update_pid_filters() (RHEL-56731)
+
 * Thu Nov 28 2024 Jerome Marchand - 3.3.1-1
 - Rebase to 3.3.1 and backport further SAST patches (RHEL-40111)