Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

39 lines
1.3 KiB

commit 6b93714b83d59ae4147b8ec3887261aca7fd6f65
Author: Dave Anderson <anderson@redhat.com>
Date: Mon Jan 7 10:44:29 2019 -0500
Prevent a SIGSEGV if a user attempts to input a command line that
exceeds the maximum length of 1500 bytes. The patch displays an
error message and ignores the command line.
(anderson@redhat.com)
diff --git a/cmdline.c b/cmdline.c
index 665f48c..796f7c5 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -1,8 +1,8 @@
/* cmdline.c - core analysis suite
*
* Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
- * Copyright (C) 2002-2015,2018 David Anderson
- * Copyright (C) 2002-2015,2018 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2002-2015,2019 David Anderson
+ * Copyright (C) 2002-2015,2019 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -121,9 +121,11 @@ process_command_line(void)
args[0] = NULL;
fprintf(fp, "\n");
return;
- }
-
- strcpy(pc->command_line, pc->readline);
+ }
+ if (strlen(pc->readline) >= BUFSIZE)
+ error(FATAL, "input line exceeds maximum of 1500 bytes\n");
+ else
+ strcpy(pc->command_line, pc->readline);
free(pc->readline);
clean_line(pc->command_line);