summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristophe JAILLET <christophe.jaillet@wanadoo.fr>2023-11-25 15:05:04 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-01-26 02:36:00 +0300
commit99719bb0c281e3a8aac07b881ab8eaf53a270988 (patch)
treeab6979e35d30a0ac96eba4b083668abc613fc48e
parent8836df02124f037cdcd821623c6ac45dcedcb593 (diff)
downloadlinux-99719bb0c281e3a8aac07b881ab8eaf53a270988.tar.xz
kdb: Fix a potential buffer overflow in kdb_local()
[ Upstream commit 4f41d30cd6dc865c3cbc1a852372321eba6d4e4c ] When appending "[defcmd]" to 'kdb_prompt_str', the size of the string already in the buffer should be taken into account. An option could be to switch from strncat() to strlcat() which does the correct test to avoid such an overflow. However, this actually looks as dead code, because 'defcmd_in_progress' can't be true here. See a more detailed explanation at [1]. [1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/ Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Reviewed-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r--kernel/debug/kdb/kdb_main.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 438b868cbfa9..35aa2e98a92a 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1349,8 +1349,6 @@ do_full_getstr:
/* PROMPT can only be set if we have MEM_READ permission. */
snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT"),
raw_smp_processor_id());
- if (defcmd_in_progress)
- strncat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN);
/*
* Fetch command from keyboard