try_add_failed_module() uses memcpy() with strlen(name) as the length to
copy a module name into mod_fail->name, a fixed-size buffer of
MODULE_NAME_LEN bytes. This is an issue as it does no bounds check.
Current callers always pass names originating from mod->name
(char[MODULE_NAME_LEN]), so this is not exploitable today. However, the
function accepts a plain const char * with no documented length contract,
making it a latent buffer overflow if a future caller passes a longer
string.

Replace memcpy() with strscpy(), which bounds the copy to
MODULE_NAME_LEN and always NUL-terminates.

Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev@gmail.com>
---
kernel/module/stats.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module/stats.c b/kernel/module/stats.c
index 3a9672f93a8e..08724baca773 100644
--- a/kernel/module/stats.c
+++ b/kernel/module/stats.c
@@ -253,7 +253,7 @@ int try_add_failed_module(const char *name, enum fail_dup_mod_reason reason)
mod_fail = kzalloc_obj(*mod_fail);
if (!mod_fail)
return -ENOMEM;
- memcpy(mod_fail->name, name, strlen(name));
+ strscpy(mod_fail->name, name, MODULE_NAME_LEN);
__set_bit(reason, &mod_fail->dup_fail_mask);
atomic_long_inc(&mod_fail->count);
list_add_rcu(&mod_fail->list, &dup_failed_modules);
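Review bot: the bound on the `+` line is the macro MODULE_NAME_LEN rather than the destination's own size; since mod_fail->name is declared as char[MODULE_NAME_LEN] (per the commit message), `strscpy(mod_fail->name, name, sizeof(mod_fail->name));` (or the two-argument strscpy() form, which derives the size from the array) keeps the bound tied to the buffer if that declaration ever changes. Also, strscpy() returns -E2BIG on truncation, so an over-long name is now silently cut short instead of overflowing; if that case is expected never to happen, checking the return value (for example with WARN_ON_ONCE) would make a violation of the length contract visible rather than silent.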
--
2.43.0