{
  "commit": "35adf9a4e55e0b0a9d5e313e65ad83681dc32e9a",
  "tree": "90f2e683c6d9d7a2c2c7b5be7265951e9f8d4af6",
  "parents": [
    "1a0e93df1e107dc766fdf86ae88076efd9f376e6"
  ],
  "author": {
    "name": "Adrian Hunter",
    "email": "adrian.hunter@intel.com",
    "time": "Fri Jul 01 12:44:03 2022 +0300"
  },
  "committer": {
    "name": "Luis Chamberlain",
    "email": "mcgrof@kernel.org",
    "time": "Fri Jul 01 14:36:49 2022 -0700"
  },
  "message": "modules: Fix corruption of /proc/kallsyms\n\nThe commit 91fb02f31505 (\"module: Move kallsyms support into a separate\nfile\") changed from using strlcpy() to using strscpy() which created a\nbuffer overflow. That happened because:\n 1) an incorrect value was passed as the buffer length\n 2) strscpy() (unlike strlcpy()) may copy beyond the length of the\n    input string when copying word-by-word.\nThe assumption was that because it was already known that the strings\nbeing copied would fit in the space available, it was not necessary\nto correctly set the buffer length.  strscpy() breaks that assumption\nbecause although it will not touch bytes beyond the given buffer length\nit may write bytes beyond the input string length when writing\nword-by-word.\n\nThe result of the buffer overflow is to corrupt the symbol type\ninformation that follows. e.g.\n\n $ sudo cat -v /proc/kallsyms | grep \u0027\\^\u0027 | head\n ffffffffc0615000 ^@ rfcomm_session_get  [rfcomm]\n ffffffffc061c060 ^@ session_list        [rfcomm]\n ffffffffc06150d0 ^@ rfcomm_send_frame   [rfcomm]\n ffffffffc0615130 ^@ rfcomm_make_uih     [rfcomm]\n ffffffffc07ed58d ^@ bnep_exit   [bnep]\n ffffffffc07ec000 ^@ bnep_rx_control     [bnep]\n ffffffffc07ec1a0 ^@ bnep_session        [bnep]\n ffffffffc07e7000 ^@ input_leds_event    [input_leds]\n ffffffffc07e9000 ^@ input_leds_handler  [input_leds]\n ffffffffc07e7010 ^@ input_leds_disconnect       [input_leds]\n\nNotably, the null bytes (represented above by ^@) can confuse tools.\n\nFix by correcting the buffer length.\n\nFixes: 91fb02f31505 (\"module: Move kallsyms support into a separate file\")\nSigned-off-by: Adrian Hunter \u003cadrian.hunter@intel.com\u003e\nSigned-off-by: Luis Chamberlain \u003cmcgrof@kernel.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3e11523bc6f622b36a14bde544c1e6ad89ccbe0e",
      "old_mode": 33188,
      "old_path": "kernel/module/kallsyms.c",
      "new_id": "18c23545b98450ca8efeeeb2428924b8b652a274",
      "new_mode": 33188,
      "new_path": "kernel/module/kallsyms.c"
    }
  ]
}
