projects / packages / libcgroup.git / blame
| Commit | Line | Data |
|---|---|---|
| 9665627f AM |
1 | From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001 |
| 2 | From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com> | |
| 3 | Date: Wed, 22 Jun 2016 14:12:46 +0200 | |
| 4 | Subject: [PATCH 3/6] api.c: fix potential buffer overflow | |
| 5 | MIME-Version: 1.0 | |
| 6 | Content-Type: text/plain; charset=UTF-8 | |
| 7 | Content-Transfer-Encoding: 8bit | |
| 8 | ||
| 9 | It is assumed that arguments read from /proc/<pid>/cmdline don't exceed | |
| 10 | buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's | |
| 11 | not always the case. | |
| 12 | ||
| 13 | Add check to prevent buffer overflow and discard the excessive part of | |
| 14 | an argument. | |
| 15 | ||
| 16 | Signed-off-by: Nikola Forró <nforro@redhat.com> | |
| 17 | --- | |
| 18 | src/api.c | 6 +++++- | |
| 19 | 1 file changed, 5 insertions(+), 1 deletion(-) | |
| 20 | ||
| 21 | diff --git a/src/api.c b/src/api.c | |
| 22 | index 217d6c9..4d98081 100644 | |
| 23 | --- a/src/api.c | |
| 24 | +++ b/src/api.c | |
| 25 | @@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid, | |
| 26 | ||
| 27 | while (c != EOF) { | |
| 28 | c = fgetc(f); | |
| 29 | - if ((c != EOF) && (c != '\0')) { | |
| 30 | + if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) { | |
| 31 | buf_pname[len] = c; | |
| 32 | len++; | |
| 33 | continue; | |
| 34 | } | |
| 35 | buf_pname[len] = '\0'; | |
| 36 | ||
| 37 | + if (len == FILENAME_MAX - 1) | |
| 38 | + while ((c != EOF) && (c != '\0')) | |
| 39 | + c = fgetc(f); | |
| 40 | + | |
| 41 | /* | |
| 42 | * The taken process name from /proc/<pid>/status is | |
| 43 | * shortened to 15 characters if it is over. So the | |
| 44 | -- | |
| 45 | 2.17.0 | |
| 46 |