Commit e3756477 authored by Jeff Mahoney's avatar Jeff Mahoney Committed by Linus Torvalds
Browse files

printk: Fix calculation of length used to discard records 



While tracking down a weird buffer overflow issue in a program that
looked to be sane, I started double checking the length returned by
syslog(SYSLOG_ACTION_READ_ALL, ...) to make sure it wasn't overflowing
the buffer.

Sure enough, it was.  I saw this in strace:

  11339 syslog(SYSLOG_ACTION_READ_ALL, "<5>[244017.708129] REISERFS (dev"..., 8192) = 8279

It turns out that the loops that calculate how much space the entries
will take when they're copied don't include the newlines and prefixes
that will be included in the final output since prev flags is passed as
zero.

This patch properly accounts for it and fixes the overflow.

CC: stable@kernel.org
Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent f4ba394c

kernel/printk.c

+2 −0
Original line number Diff line number Diff line
@@ -1034,6 +1034,7 @@ static int syslog_print_all(char __user *buf, int size, bool clear) 
			struct log *msg = log_from_idx(idx);



			len += msg_print_text(msg, prev, true, NULL, 0);

			prev = msg->flags;

			idx = log_next(idx);

			seq++;

		}
@@ -1046,6 +1047,7 @@ static int syslog_print_all(char __user *buf, int size, bool clear) 
			struct log *msg = log_from_idx(idx);



			len -= msg_print_text(msg, prev, true, NULL, 0);

			prev = msg->flags;

			idx = log_next(idx);

			seq++;

		}

CRA Git | Maintained and supported by SUSTech CRA and CCSE