From 1b4b4b7f8d4443c3e630838c9b33c9a69fdb6193 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikola=20Forr=C3=B3?= Date: Sun, 19 Jun 2016 17:12:01 +0200 Subject: [PATCH] api.c: fix potential buffer overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is assumed that arguments read from /proc//cmdline don't exceed buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's not always the case. Add check to prevent buffer overflow and discard the excessive part of an argument. Signed-off-by: Nikola Forró --- src/api.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/api.c b/src/api.c index b40364c..18ce21f 100644 --- a/src/api.c +++ b/src/api.c @@ -4055,13 +4055,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid, while (c != EOF) { c = fgetc(f); - if ((c != EOF) && (c != '\0')) { + if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) { buf_pname[len] = c; len++; continue; } buf_pname[len] = '\0'; + if (len == FILENAME_MAX - 1) + while ((c != EOF) && (c != '\0')) + c = fgetc(f); + /* * The taken process name from /proc//status is * shortened to 15 characters if it is over. So the -- 2.7.4