You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.3 KiB
46 lines
1.3 KiB
From 1b4b4b7f8d4443c3e630838c9b33c9a69fdb6193 Mon Sep 17 00:00:00 2001 |
|
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com> |
|
Date: Sun, 19 Jun 2016 17:12:01 +0200 |
|
Subject: [PATCH] api.c: fix potential buffer overflow |
|
MIME-Version: 1.0 |
|
Content-Type: text/plain; charset=UTF-8 |
|
Content-Transfer-Encoding: 8bit |
|
|
|
It is assumed that arguments read from /proc/<pid>/cmdline don't exceed |
|
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's |
|
not always the case. |
|
|
|
Add check to prevent buffer overflow and discard the excessive part of |
|
an argument. |
|
|
|
Signed-off-by: Nikola Forró <nforro@redhat.com> |
|
--- |
|
src/api.c | 6 +++++- |
|
1 file changed, 5 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/src/api.c b/src/api.c |
|
index b40364c..18ce21f 100644 |
|
--- a/src/api.c |
|
+++ b/src/api.c |
|
@@ -4055,13 +4055,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid, |
|
|
|
while (c != EOF) { |
|
c = fgetc(f); |
|
- if ((c != EOF) && (c != '\0')) { |
|
+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) { |
|
buf_pname[len] = c; |
|
len++; |
|
continue; |
|
} |
|
buf_pname[len] = '\0'; |
|
|
|
+ if (len == FILENAME_MAX - 1) |
|
+ while ((c != EOF) && (c != '\0')) |
|
+ c = fgetc(f); |
|
+ |
|
/* |
|
* The taken process name from /proc/<pid>/status is |
|
* shortened to 15 characters if it is over. So the |
|
-- |
|
2.7.4 |
|
|
|
|