RAVENPLAT-199: CVE-2017-0605 vulnerability in kernel trace subsystem [1/1]

PD#SWPL-15901 Problem: Elevation of privilege vulnerability in kernel trace subsystem (device specific) Solution: use strlcpy instead of strcpy Platform: Raven Verify: Raven Change-Id: Ie0214a88c4194f892f8f7cda4965c1931e415bbc Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2026-03-24 19:40:21 +09:00 · 2018-12-28 08:47:36 +08:00
parent 13d1374b84
commit 3b8437f9c2
1 changed files with 1 additions and 1 deletions
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1864,7 +1864,7 @@ static void __trace_find_cmdline(int pid, char comm[])

 	map = savedcmd->map_pid_to_cmdline[pid];
 	if (map != NO_CMDLINE_MAP)
-		strcpy(comm, get_saved_cmdlines(map));
+		strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN-1);
 	else
 		strcpy(comm, "<...>");
 }