src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv - navi/openrc.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	philhofer <phofer@umich.edu>	2018-12-18 20:36:26 -0800
committer	William Hubbs <w.d.hubbs@gmail.com>	2018-12-24 11:55:48 -0600
commit	084877eb52971faf8f52c780ddd08ed9af140eb6 (patch)
tree	b93d79d93039fbe27f9a58fd011e4a8ff27454d0 /src/rc/do_e.c
parent	97e74f97347f5798e01a47057efab00906754546 (diff)

src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv

The contents of /proc/<pid>/cmdline are read into a stack buffer using bytes = read(fd, buffer, sizeof(buffer)); followed by appending a null terminator to the buffer with buffer[bytes] = '\0'; If bytes == sizeof(buffer), then this write is out-of-bounds. Refactor the code to use rc_getfile instead, since PATH_MAX is not the maximum size of /proc/<pid>/cmdline. (I hit this issue in practice while compiling Linux; it tripped the stack-smashing protector.) This is roughly the same buffer overflow condition that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120 This fixes #269.

Diffstat (limited to 'src/rc/do_e.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: