From 91db4e07b9ff670fa4f1f8e828bef0da2f31f34f Mon Sep 17 00:00:00 2001
From: Hanjie Lin
Date: Fri, 28 Dec 2018 08:47:36 +0800
Subject: [PATCH] RAVENPLAT-199: CVE-2017-0605 vulnerability in kernel trace subsystem [1/1]
PD#SWPL-15901
Problem: Elevation of privilege vulnerability in kernel trace subsystem (device specific)
Solution: use strlcpy instead of strcpy
Platform: Raven
Verify: Raven
Change-Id: Ie0214a88c4194f892f8f7cda4965c1931e415bbc
Signed-off-by: Hanjie Lin
---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 35cfccbede3d..b7c2012d4256 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1864,7 +1864,7 @@ static void __trace_find_cmdline(int pid, char comm[])
 map = savedcmd->map_pid_to_cmdline[pid];
 if (map != NO_CMDLINE_MAP)
- strcpy(comm, get_saved_cmdlines(map));
+ strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN-1);
 else
 strcpy(comm, "<...>");
 }
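Review bot: The size passed to `strlcpy()` on the added line is off by one. `strlcpy()` takes the full destination size and reserves the terminator byte itself, so `TASK_COMM_LEN-1` copies at most `TASK_COMM_LEN-2` characters and silently drops the last character of a full-length command name. The overflow is still prevented, but `strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);` keeps the bound without the truncation. `strlcpy()` also runs `strlen()` on the source to compute its return value, so the copy is only bounded on the write side; if saved cmdline slots are not guaranteed NUL-terminated (not visible here), the read can still run past the slot. The bound further assumes every caller passes a `comm` buffer of at least `TASK_COMM_LEN` bytes, which `char comm[]` does not enforce; the function body begins outside this hunk, so a comment stating that requirement at the signature would help.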