commit 6b93714b83d59ae4147b8ec3887261aca7fd6f65 Author: Dave Anderson Date: Mon Jan 7 10:44:29 2019 -0500 Prevent a SIGSEGV if a user attempts to input a command line that exceeds the maximum length of 1500 bytes. The patch displays an error message and ignores the command line. (anderson@redhat.com) diff --git a/cmdline.c b/cmdline.c index 665f48c..796f7c5 100644 --- a/cmdline.c +++ b/cmdline.c @@ -1,8 +1,8 @@ /* cmdline.c - core analysis suite * * Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc. - * Copyright (C) 2002-2015,2017 David Anderson - * Copyright (C) 2002-2015,2017 Red Hat, Inc. All rights reserved. + * Copyright (C) 2002-2015,2019 David Anderson + * Copyright (C) 2002-2015,2019 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -121,9 +121,11 @@ process_command_line(void) args[0] = NULL; fprintf(fp, "\n"); return; - } - - strcpy(pc->command_line, pc->readline); + } + if (strlen(pc->readline) >= BUFSIZE) + error(FATAL, "input line exceeds maximum of 1500 bytes\n"); + else + strcpy(pc->command_line, pc->readline); free(pc->readline); clean_line(pc->command_line);