aboutsummaryrefslogtreecommitdiff
path: root/README.newnet
diff options
context:
space:
mode:
authorphilhofer <phofer@umich.edu>2018-12-18 20:36:26 -0800
committerWilliam Hubbs <w.d.hubbs@gmail.com>2018-12-24 11:55:48 -0600
commit084877eb52971faf8f52c780ddd08ed9af140eb6 (patch)
treeb93d79d93039fbe27f9a58fd011e4a8ff27454d0 /README.newnet
parent97e74f97347f5798e01a47057efab00906754546 (diff)
src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv
The contents of /proc/<pid>/cmdline are read into a stack buffer using bytes = read(fd, buffer, sizeof(buffer)); followed by appending a null terminator to the buffer with buffer[bytes] = '\0'; If bytes == sizeof(buffer), then this write is out-of-bounds. Refactor the code to use rc_getfile instead, since PATH_MAX is not the maximum size of /proc/<pid>/cmdline. (I hit this issue in practice while compiling Linux; it tripped the stack-smashing protector.) This is roughly the same buffer overflow condition that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120 This fixes #269.
Diffstat (limited to 'README.newnet')
0 files changed, 0 insertions, 0 deletions