diff options
| author | philhofer <phofer@umich.edu> | 2018-12-18 21:02:24 -0800 |
|---|---|---|
| committer | William Hubbs <w.d.hubbs@gmail.com> | 2018-12-27 11:28:27 -0600 |
| commit | 846e4600754dab3f0cb49edb4ad9e2b2b73d3f47 (patch) | |
| tree | 037e9c5f49a983a7d92bca78ebdd074087ecdbf0 /runlevels | |
| parent | a32b14bbb43e9888acaaea6f764fb8dcb34fb941 (diff) | |
fix potential out-of-bounds reads
readlink(3) does not nul-terminate the result it sticks
into the supplied buffer. Consequently, the code
rc = readlink(path, buf, sizeof(buf));
does not necessarily produce a C string.
The code in rc_find_pid() produces some C strings this way
and passes them to strlen() and strcmp(), which can lead
to an out-of-bounds read.
In this case, since the code already takes care to
zero-initialize the buffers before passing them
to readlink(3), only allow sizeof(buf)-1 bytes to
be returned.
(While fixing this issue, I fixed two other locations that
used the same problematic pattern.)
This fixes #270.
Diffstat (limited to 'runlevels')
0 files changed, 0 insertions, 0 deletions