Skip to content

Commit

Permalink
Merge tag 'printk-for-5.11-urgent-fixup' of git://git.kernel.org/pub/…
Browse files Browse the repository at this point in the history
…scm/linux/kernel/git/printk/linux

Pull printk fix from Petr Mladek:
 "The fix of a potential buffer overflow in 5.11-rc5 introduced another
  one. The trailing '\0' might be written up to the message "len" past
  the buffer. Fortunately, it is not that easy to hit.

  Most readers use 1kB buffers for a single message. Typical messages
  fit into the temporary buffer with enough reserve.

  Also readers do not rely on the '\0'. It is related to the previous
  fix. Some readers required the space for the trailing '\0'. We decided
  to write it there to avoid such regressions in the future.

  The most realistic victims are dumpers using kmsg_dump_get_buffer().
  They are filling the entire buffer with as many messages as possible.
  They are typically used when handling panic()"

* tag 'printk-for-5.11-urgent-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
  printk: fix string termination for record_print_text()
  • Loading branch information
Linus Torvalds committed Jan 25, 2021
2 parents 6ee1d74 + 61bb17d commit 007ad27
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion kernel/printk/printk.c
Original file line number Diff line number Diff line change
Expand Up @@ -1398,7 +1398,7 @@ static size_t record_print_text(struct printk_record *r, bool syslog,
* not counted in the return value.
*/
if (buf_size > 0)
text[len] = 0;
r->text_buf[len] = 0;

return len;
}
Expand Down

0 comments on commit 007ad27

Please sign in to comment.