Commit 15b63467 authored by Steven Rostedt (VMware)'s avatar Steven Rostedt (VMware) Committed by Stefan Bader

tracing: Fix regex_match_front() to not over compare the test string

BugLink: http://bugs.launchpad.net/bugs/1774173

commit dc432c3d upstream.

The regex match function regex_match_front() in the tracing filter logic,
was fixed to test just the pattern length from testing the entire test
string. That is, it went from strncmp(str, r->pattern, len) to
strcmp(str, r->pattern, r->len).

The issue is that str is not guaranteed to be nul terminated, and if r->len
is greater than the length of str, it can access more memory than is
allocated.

The solution is to add a simple test if (len < r->len) return 0.

Cc: stable@vger.kernel.org
Fixes: 285caad4 ("tracing/filters: Fix MATCH_FRONT_ONLY filter matching")
Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 49f8eea9
...@@ -322,6 +322,9 @@ static int regex_match_full(char *str, struct regex *r, int len) ...@@ -322,6 +322,9 @@ static int regex_match_full(char *str, struct regex *r, int len)
static int regex_match_front(char *str, struct regex *r, int len) static int regex_match_front(char *str, struct regex *r, int len)
{ {
if (len < r->len)
return 0;
if (strncmp(str, r->pattern, r->len) == 0) if (strncmp(str, r->pattern, r->len) == 0)
return 1; return 1;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment