Commit 6b30f189 authored Nov 25, 2023 by Christophe JAILLET Committed by sanglipeng1 May 31, 2024

kdb: Fix a potential buffer overflow in kdb_local()

stable inclusion
from stable-v5.10.209
commit b44e1aec8038d9007e988f7068f333fa0ad73943
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9U3NW

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b44e1aec8038d9007e988f7068f333fa0ad73943

--------------------------------

[ Upstream commit 4f41d30cd6dc865c3cbc1a852372321eba6d4e4c ]

When appending "[defcmd]" to 'kdb_prompt_str', the size of the string
already in the buffer should be taken into account.

An option could be to switch from strncat() to strlcat() which does the
correct test to avoid such an overflow.

However, this actually looks as dead code, because 'defcmd_in_progress'
can't be true here.
See a more detailed explanation at [1].

[1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/



Fixes: 5d5314d6 ("kdb: core for kgdb back end (1 of 2)")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: sanglipeng1 <sanglipeng1@jd.com>

parent 7610d0a2

kernel/debug/kdb/kdb_main.c

+0 −2

Original line number	Diff line number	Diff line
		@@ -1364,8 +1364,6 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs,
		/* PROMPT can only be set if we have MEM_READ permission. */
		snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT"),
		raw_smp_processor_id());
		if (defcmd_in_progress)
		strncat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN);

		/*
		* Fetch command from keyboard