Commit 007ad27d authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'printk-for-5.11-urgent-fixup' of...

Merge tag 'printk-for-5.11-urgent-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux

Pull printk fix from Petr Mladek:
 "The fix of a potential buffer overflow in 5.11-rc5 introduced another
  one. The trailing '\0' might be written up to the message "len" past
  the buffer. Fortunately, it is not that easy to hit.

  Most readers use 1kB buffers for a single message. Typical messages
  fit into the temporary buffer with enough reserve.

  Also readers do not rely on the '\0'. It is related to the previous
  fix. Some readers required the space for the trailing '\0'. We decided
  to write it there to avoid such regressions in the future.

  The most realistic victims are dumpers using kmsg_dump_get_buffer().
  They are filling the entire buffer with as many messages as possible.
  They are typically used when handling panic()"

* tag 'printk-for-5.11-urgent-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
  printk: fix string termination for record_print_text()
parents 6ee1d745 61bb17da
...@@ -1398,7 +1398,7 @@ static size_t record_print_text(struct printk_record *r, bool syslog, ...@@ -1398,7 +1398,7 @@ static size_t record_print_text(struct printk_record *r, bool syslog,
* not counted in the return value. * not counted in the return value.
*/ */
if (buf_size > 0) if (buf_size > 0)
text[len] = 0; r->text_buf[len] = 0;
return len; return len;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment