commit 6b93714b83d59ae4147b8ec3887261aca7fd6f65
Author: Dave Anderson <anderson@redhat.com>
Date: Mon Jan 7 10:44:29 2019 -0500
Prevent a SIGSEGV if a user attempts to input a command line that
exceeds the maximum length of 1500 bytes. The patch displays an
error message and ignores the command line.
(anderson@redhat.com)
diff --git a/cmdline.c b/cmdline.c
index 665f48c..796f7c5 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -1,8 +1,8 @@
/* cmdline.c - core analysis suite
*
* Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
- * Copyright (C) 2002-2015,2017 David Anderson
- * Copyright (C) 2002-2015,2017 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2002-2015,2019 David Anderson
+ * Copyright (C) 2002-2015,2019 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -121,9 +121,11 @@ process_command_line(void)
args[0] = NULL;
fprintf(fp, "\n");
return;
- }
-
- strcpy(pc->command_line, pc->readline);
+ }
+ if (strlen(pc->readline) >= BUFSIZE)
+ error(FATAL, "input line exceeds maximum of 1500 bytes\n");
+ else
+ strcpy(pc->command_line, pc->readline);
free(pc->readline);
clean_line(pc->command_line);
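Review bot: On the overlong-input branch, the `free(pc->readline)` that follows the new `if`/`else` is skipped if `error(FATAL, ...)` does not return to this point, so each rejected line would leak the readline buffer; freeing first, `if (strlen(pc->readline) >= BUFSIZE) { free(pc->readline); error(FATAL, "input line exceeds maximum of 1500 bytes\n"); }`, avoids that. If `error(FATAL, ...)` can return here instead, `clean_line(pc->command_line)` then runs on whatever the buffer still holds from the previous command, so the buffer should be emptied on that path. The message hard-codes 1500 while the check uses `BUFSIZE`; printing the limit from `BUFSIZE` keeps the two from drifting apart. The guard is only as good as the assumption that `pc->command_line` holds `BUFSIZE` bytes, and its declaration is not visible in this hunk, so a comment stating that, or a comparison against `sizeof(pc->command_line)` if it is an array, would make the bound checkable. `process_command_line` starts and ends outside the hunk.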