0072-proc/readproc.c: Harden stat2proc().

1/ Use a "size_t num" instead of an "unsigned num" (also, do not store
the return value of sscanf() into num; it was unused anyway).

2/ Check the return value of strchr() and strrchr().

3/ Never jump over the terminating null byte with "S = tmp + 2".

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. the cmd field is now also dynamic (like cmdline)
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner <james.warner@comcast.net>
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent ec0cb25af6
commit 7c09d76e9b


@ -574,7 +574,7 @@ static int sd2proc (proc_t *restrict p) {
// Reads /proc/*/stat files, being careful not to trip over processes with // Reads /proc/*/stat files, being careful not to trip over processes with
// names like ":-) 1 2 3 4 5 6". // names like ":-) 1 2 3 4 5 6".
static int stat2proc (const char* S, proc_t *restrict P) { static int stat2proc (const char* S, proc_t *restrict P) {
unsigned num; size_t num;
char* tmp; char* tmp;
ENTER(0x160); ENTER(0x160);
@ -585,15 +585,17 @@ ENTER(0x160);
P->sched = -1; P->sched = -1;
P->nlwp = 0; P->nlwp = 0;
S = strchr(S, '(') + 1; S = strchr(S, '(');
if (!S) return 0;
S++;
tmp = strrchr(S, ')'); tmp = strrchr(S, ')');
if (!tmp || !tmp[1]) return 0;
num = tmp - S; num = tmp - S;
if(num >= 16) num = 15;
if (!P->cmd && !(P->cmd = strndup(S, num))) if (!P->cmd && !(P->cmd = strndup(S, num)))
return 1; return 1;
S = tmp + 2; // skip ") " S = tmp + 2; // skip ") "
num = sscanf(S, sscanf(S,
"%c " // state "%c " // state
"%d %d %d %d %d " // ppid, pgrp, sid, tty_nr, tty_pgrp "%d %d %d %d %d " // ppid, pgrp, sid, tty_nr, tty_pgrp
"%lu %lu %lu %lu %lu " // flags, min_flt, cmin_flt, maj_flt, cmaj_flt "%lu %lu %lu %lu %lu " // flags, min_flt, cmin_flt, maj_flt, cmaj_flt