Commit 2fb4f949 authored Nov 12, 2024 by Leo Yan Committed by Li Huafei Nov 11, 2024

tracing: Consider the NULL character when validating the event length

stable inclusion
from stable-v5.10.229
commit 02874ca52df2ca2423ba6122039315ed61c25972
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BWY
CVE: CVE-2024-50131

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=02874ca52df2ca2423ba6122039315ed61c25972

--------------------------------

[ Upstream commit 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 ]

strlen() returns a string length excluding the null byte. If the string
length equals to the maximum buffer length, the buffer will have no
space for the NULL terminating character.

This commit checks this condition and returns failure for it.

Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/



Fixes: dec65d79 ("tracing/probe: Check event name length correctly")
Signed-off-by: Leo Yan <leo.yan@arm.com>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Li Huafei <lihuafei1@huawei.com>

parent a2a2cb65

kernel/trace/trace_probe.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -258,7 +258,7 @@ int traceprobe_parse_event_name(const char pevent, const char pgroup,
		if (len == 0) {
		trace_probe_log_err(offset, NO_EVENT_NAME);
		return -EINVAL;
		} else if (len > MAX_EVENT_NAME_LEN) {
		} else if (len >= MAX_EVENT_NAME_LEN) {
		trace_probe_log_err(offset, EVENT_TOO_LONG);
		return -EINVAL;
		}