There is a buffer overflow in dscr_inherit_test.c test. In main(), strncpy()'s
third argument is the lengh of the source, not the size of the destination
buffer, which makes strncpy() behaves like strcpy(), causing a buffer overflow
if argv[0] is bigger than LEN_MAX (100).
This patch simply limit the string copy to sizeof(prog) less 1 (space for \0).
CC: Anshuman Khandual <khand...@linux.vnet.ibm.com>
Signed-off-by: Breno Leitao <lei...@debian.org>
---
tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
b/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
index 08a8b95e3bc1..638e0dc717d5 100644
--- a/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
+++ b/tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
@@ -104,6 +104,6 @@ int main(int argc, char *argv[])
exit(1);
}
- strncpy(prog, argv[0], strlen(argv[0]));
+ strncpy(prog, argv[0], sizeof(prog) - 1);
return test_harness(dscr_inherit_exec, "dscr_inherit_exec_test");
}
--
2.17.1
