871fc3e5db
set Delegate property for cgconfig service to make sure complete cgroup hierarchy is always created by systemd
47 lines
1.3 KiB
Diff
47 lines
1.3 KiB
Diff
From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
|
|
Date: Wed, 22 Jun 2016 14:12:46 +0200
|
|
Subject: [PATCH 3/6] api.c: fix potential buffer overflow
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
|
|
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
|
|
not always the case.
|
|
|
|
Add check to prevent buffer overflow and discard the excessive part of
|
|
an argument.
|
|
|
|
Signed-off-by: Nikola Forró <nforro@redhat.com>
|
|
---
|
|
src/api.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/api.c b/src/api.c
|
|
index 217d6c9..4d98081 100644
|
|
--- a/src/api.c
|
|
+++ b/src/api.c
|
|
@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
|
|
|
|
while (c != EOF) {
|
|
c = fgetc(f);
|
|
- if ((c != EOF) && (c != '\0')) {
|
|
+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
|
|
buf_pname[len] = c;
|
|
len++;
|
|
continue;
|
|
}
|
|
buf_pname[len] = '\0';
|
|
|
|
+ if (len == FILENAME_MAX - 1)
|
|
+ while ((c != EOF) && (c != '\0'))
|
|
+ c = fgetc(f);
|
|
+
|
|
/*
|
|
* The taken process name from /proc/<pid>/status is
|
|
* shortened to 15 characters if it is over. So the
|
|
--
|
|
2.17.0
|
|
|