[Kgdb-bugreport] [PATCH] kdb: Fix a potential buffer overflow in kdb_local()

Christophe JAILLET Sat, 28 Oct 2023 06:55:24 -0700

When appending "[defcmd]" to 'kdb_prompt_str', the size of the string
already in the buffer should be taken into account.


Switch from strncat() to strlcat() which does the correct test to avoid
such an overflow.

Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)")
Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 kernel/debug/kdb/kdb_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 438b868cbfa9..e5f0bf0f45d1 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1350,7 +1350,7 @@ static int kdb_local(kdb_reason_t reason, int error, 
struct pt_regs *regs,
                snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT"),
                         raw_smp_processor_id());
                if (defcmd_in_progress)
-                       strncat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN);
+                       strlcat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN);
 
                /*
                 * Fetch command from keyboard
-- 
2.34.1



_______________________________________________
Kgdb-bugreport mailing list
Kgdb-bugreport@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kgdb-bugreport

[Kgdb-bugreport] [PATCH] kdb: Fix a potential buffer overflow in kdb_local()

Reply via email to