|
Message-ID: <20171130001619.GR6217@eros> Date: Thu, 30 Nov 2017 11:16:19 +1100 From: "Tobin C. Harding" <me@...in.cc> To: Steven Rostedt <rostedt@...dmis.org> Cc: Tycho Andersen <tycho@...ho.ws>, Daniel Borkmann <daniel@...earbox.net>, Masahiro Yamada <yamada.masahiro@...ionext.com>, "David S. Miller" <davem@...emloft.net>, Alexei Starovoitov <ast@...nel.org>, Network Development <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: [RFC 1/3] kallsyms: don't leak address when symbol not found I reordered the To's and CC's, I hope this doesn't break threading. (clearly I haven't groked email yet :( ) On Tue, Nov 28, 2017 at 09:30:17AM +1100, Tobin C. Harding wrote: > Currently if kallsyms_lookup() fails to find the symbol then the address > is printed. This potentially leaks sensitive information. Instead of > printing the address we can return an error, giving the calling code the > option to print the address or print some sanitized message. > > Return error instead of printing address to argument buffer. Leave > buffer in a sane state. > > Signed-off-by: Tobin C. Harding <me@...in.cc> > --- > kernel/kallsyms.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c > index 531ffa984bc2..4bfa4ee3ce93 100644 > --- a/kernel/kallsyms.c > +++ b/kernel/kallsyms.c > @@ -394,8 +394,10 @@ static int __sprint_symbol(char *buffer, unsigned long address, > > address += symbol_offset; > name = kallsyms_lookup(address, &size, &offset, &modname, buffer); > - if (!name) > - return sprintf(buffer, "0x%lx", address - symbol_offset); > + if (!name) { > + buffer[0] = '\0'; > + return -1; > + } > > if (name != buffer) > strcpy(buffer, name); > -- > 2.7.4 > Do you want a Suggested-by: tag for this patch Steve? I mentioned you in the cover letter but as far as going into the git history I'm not entirely sure on the protocol for adding suggested-by. The kernel docs say not to add it without authorization, so ... thanks, Tobin.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.