emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

proc/readproc.c: Harden simple_nextpid().

Browse Source 
Replace memcpy+strcpy with snprintf.
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 263c0ebdd8
commit 1b8ec51013
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
proc/readproc.c
View File

@ -1224,8 +1224,7 @@ static int simple_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p)
} }
p->tgid = strtoul(ent->d_name, NULL, 10); p->tgid = strtoul(ent->d_name, NULL, 10);
p->tid = p->tgid; p->tid = p->tgid;
memcpy(path, "/proc/", 6); snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);
strcpy(path+6, ent->d_name); // trust /proc to not contain evil top-level entries
return 1; return 1;
} }