rpms / libcgroup

Clone
Source Code
GIT

Blame SOURCES/libcgroup-0.41-api.c-fix-potential-buffer-overflow.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta
  1.   3088972957b53e68ffe6180204524fd8a416a592
  2.   SOURCES
  3.   libcgroup-0.41-api.c-fix-potential-buffer-overflow.patch
Blob History Raw
308897 
From 1b4b4b7f8d4443c3e630838c9b33c9a69fdb6193 Mon Sep 17 00:00:00 2001
308897 
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
308897 
Date: Sun, 19 Jun 2016 17:12:01 +0200
308897 
Subject: [PATCH] api.c: fix potential buffer overflow
308897 
MIME-Version: 1.0
308897 
Content-Type: text/plain; charset=UTF-8
308897 
Content-Transfer-Encoding: 8bit
308897
308897 
It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
308897 
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
308897 
not always the case.
308897
308897 
Add check to prevent buffer overflow and discard the excessive part of
308897 
an argument.
308897
308897 
Signed-off-by: Nikola Forró <nforro@redhat.com>
308897 
---
308897 
 src/api.c | 6 +++++-
308897 
 1 file changed, 5 insertions(+), 1 deletion(-)
308897
308897 
diff --git a/src/api.c b/src/api.c
308897 
index b40364c..18ce21f 100644
308897 
--- a/src/api.c
308897 
+++ b/src/api.c
308897 
@@ -4055,13 +4055,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
308897
308897 
 	while (c != EOF) {
308897 
 		c = fgetc(f);
308897 
-		if ((c != EOF) && (c != '\0')) {
308897 
+		if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
308897 
 			buf_pname[len] = c;
308897 
 			len++;
308897 
 			continue;
308897 
 		}
308897 
 		buf_pname[len] = '\0';
308897
308897 
+		if (len == FILENAME_MAX - 1)
308897 
+			while ((c != EOF) && (c != '\0'))
308897 
+				c = fgetc(f);
308897 
+
308897 
 		/*
308897 
 		 * The taken process name from /proc/<pid>/status is
308897 
 		 * shortened to 15 characters if it is over. So the
308897 
--
308897 
2.7.4
308897

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation