emo/openrc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv"

Browse Source 
This reverts commit 084877eb52.
The mentioned commit caused some systems to have some services reported
as crashed.

This fixes #297.
This fixes #298.
This commit is contained in:
William Hubbs 2019-02-23 15:42:09 -06:00
parent 56c006ebd6
commit d8dbb890aa
1 changed files with 15 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/librc/librc-daemon.c
View File

@ -48,40 +48,34 @@ pid_is_exec(pid_t pid, const char *exec)
static bool static bool
pid_is_argv(pid_t pid, const char *const *argv) pid_is_argv(pid_t pid, const char *const *argv)
{ {
char *buffer = NULL;
char *cmdline = NULL; char *cmdline = NULL;
int fd;
char buffer[PATH_MAX];
char *p; char *p;
size_t bytes; ssize_t bytes;
bool rc;
xasprintf(&cmdline, "/proc/%u/cmdline", pid); xasprintf(&cmdline, "/proc/%u/cmdline", pid);
if (!rc_getfile(cmdline, &buffer, &bytes)) { if ((fd = open(cmdline, O_RDONLY)) < 0) {
free(cmdline); free(cmdline);
return false; return false;
} }
bytes = read(fd, buffer, sizeof(buffer));
close(fd);
free(cmdline); free(cmdline);
if (bytes <= 0) { if (bytes == -1)
if (buffer)
free(buffer);
return false; return false;
}
p = buffer;
rc = true;
while (*argv) {
if (strcmp(*argv, p) != 0) {
rc = false;
break;
}
buffer[bytes] = '\0';
p = buffer;
while (*argv) {
if (strcmp(*argv, p) != 0)
return false;
argv++; argv++;
p += strlen(p) + 1; p += strlen(p) + 1;
if ((unsigned)(p - buffer) >= bytes) { if ((unsigned)(p - buffer) > sizeof(buffer))
rc = false; return false;
break;
} }
} return true;
free(buffer);
return rc;
} }
RC_PIDLIST * RC_PIDLIST *