diff options
author | philhofer <phofer@umich.edu> | 2018-12-18 20:36:26 -0800 |
---|---|---|
committer | William Hubbs <w.d.hubbs@gmail.com> | 2018-12-24 11:55:48 -0600 |
commit | 084877eb52971faf8f52c780ddd08ed9af140eb6 (patch) | |
tree | b93d79d93039fbe27f9a58fd011e4a8ff27454d0 /man/rc_service.3 | |
parent | 97e74f97347f5798e01a47057efab00906754546 (diff) |
src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv
The contents of /proc/<pid>/cmdline are read into
a stack buffer using
bytes = read(fd, buffer, sizeof(buffer));
followed by appending a null terminator to the buffer with
buffer[bytes] = '\0';
If bytes == sizeof(buffer), then this write is out-of-bounds.
Refactor the code to use rc_getfile instead, since PATH_MAX
is not the maximum size of /proc/<pid>/cmdline. (I hit this
issue in practice while compiling Linux; it tripped the
stack-smashing protector.)
This is roughly the same buffer overflow condition
that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120
This fixes #269.
Diffstat (limited to 'man/rc_service.3')
0 files changed, 0 insertions, 0 deletions