Commit c03d630a authored Nov 12, 2024 by Leo Yan Committed by Li Huafei Nov 11, 2024

tracing: Consider the NULL character when validating the event length

stable inclusion
from stable-v6.6.59
commit a14a075a14af8d622c576145455702591bdde09d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BWY
CVE: CVE-2024-50131

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a14a075a14af8d622c576145455702591bdde09d

--------------------------------

[ Upstream commit 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 ]

strlen() returns a string length excluding the null byte. If the string
length equals to the maximum buffer length, the buffer will have no
space for the NULL terminating character.

This commit checks this condition and returns failure for it.

Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/



Fixes: dec65d79 ("tracing/probe: Check event name length correctly")
Signed-off-by: Leo Yan <leo.yan@arm.com>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Li Huafei <lihuafei1@huawei.com>

parent 42f14677

kernel/trace/trace_probe.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -276,7 +276,7 @@ int traceprobe_parse_event_name(const char pevent, const char pgroup,
		}
		trace_probe_log_err(offset, NO_EVENT_NAME);
		return -EINVAL;
		} else if (len > MAX_EVENT_NAME_LEN) {
		} else if (len >= MAX_EVENT_NAME_LEN) {
		trace_probe_log_err(offset, EVENT_TOO_LONG);
		return -EINVAL;
		}