From 7c09d76e9bd793af8cf027332175abc6d28aa590 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0072-proc/readproc.c: Harden stat2proc().

1/ Use a "size_t num" instead of an "unsigned num" (also, do not store the return value of sscanf() into num, it was unused anyway).
2/ Check the return value of strchr() and strrchr().
3/ Never jump over the terminating null byte with "S = tmp + 2".
----------------------------
adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. the cmd field is now also dynamic (like cmdline)
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner
---
 proc/readproc.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/proc/readproc.c b/proc/readproc.c
index ca5b16f4..940f2627 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -574,7 +574,7 @@ static int sd2proc (proc_t *restrict p) {
 // Reads /proc/*/stat files, being careful not to trip over processes with
 // names like ":-) 1 2 3 4 5 6".
 static int stat2proc (const char* S, proc_t *restrict P) {
- unsigned num;
+ size_t num;
 char* tmp;
 ENTER(0x160);
@@ -585,15 +585,17 @@ ENTER(0x160);
 P->sched = -1;
 P->nlwp = 0;
- S = strchr(S, '(') + 1;
+ S = strchr(S, '(');
+ if (!S) return 0;
+ S++;
 tmp = strrchr(S, ')');
+ if (!tmp || !tmp[1]) return 0;
 num = tmp - S;
- if(num >= 16) num = 15;
 if (!P->cmd && !(P->cmd = strndup(S, num))) return 1;
 S = tmp + 2; // skip ") "
- num = sscanf(S,
+ sscanf(S,
 "%c " // state
 "%d %d %d %d %d " // ppid, pgrp, sid, tty_nr, tty_pgrp
 "%lu %lu %lu %lu %lu " // flags, min_flt, cmin_flt, maj_flt, cmaj_flt
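Review bot: The header comment on stat2proc in this hunk still says nothing about the function's return values, yet the patch introduces two distinct early exits further down in the same function: 0 when the stat line has no '(' or no ')' followed by another byte, and 1 when strndup() of the cmd field fails. A reader of the declaration cannot tell which value is the parse-failure path and which is ENOMEM, so add after the second comment line `// Returns 0 if the stat line is malformed (no '(' / ')' pair found),` and `// 1 if allocating P->cmd fails; see the end of the body for the normal-path value.` The function's trailing return is outside this hunk, so confirm what the success path returns before finalising that last clause. The change of num to size_t is sound here because strrchr() searches from S, so tmp - S is never negative.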