From d8dbb890aaca34fc9b342772de0f23a7ea3efaaa Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Sat, 23 Feb 2019 15:42:09 -0600 Subject: Revert "src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv" This reverts commit 084877eb52971faf8f52c780ddd08ed9af140eb6. The mentioned commit caused some systems to have some services reported as crashed. This fixes #297. This fixes #298. --- src/librc/librc-daemon.c | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) (limited to 'src/librc') diff --git a/src/librc/librc-daemon.c b/src/librc/librc-daemon.c index 5a76c880..1bd91eb4 100644 --- a/src/librc/librc-daemon.c +++ b/src/librc/librc-daemon.c @@ -48,40 +48,34 @@ pid_is_exec(pid_t pid, const char *exec) static bool pid_is_argv(pid_t pid, const char *const *argv) { - char *buffer = NULL; char *cmdline = NULL; + int fd; + char buffer[PATH_MAX]; char *p; - size_t bytes; - bool rc; + ssize_t bytes; xasprintf(&cmdline, "/proc/%u/cmdline", pid); - if (!rc_getfile(cmdline, &buffer, &bytes)) { + if ((fd = open(cmdline, O_RDONLY)) < 0) { free(cmdline); return false; } + bytes = read(fd, buffer, sizeof(buffer)); + close(fd); free(cmdline); - if (bytes <= 0) { - if (buffer) - free(buffer); + if (bytes == -1) return false; - } + + buffer[bytes] = '\0'; p = buffer; - rc = true; while (*argv) { - if (strcmp(*argv, p) != 0) { - rc = false; - break; - } - + if (strcmp(*argv, p) != 0) + return false; argv++; p += strlen(p) + 1; - if ((unsigned)(p - buffer) >= bytes) { - rc = false; - break; - } + if ((unsigned)(p - buffer) > sizeof(buffer)) + return false; } - free(buffer); - return rc; + return true; } RC_PIDLIST * -- cgit v1.2.3