0078-proc/readproc.c: Harden simple_nextpid().

Replace memcpy+strcpy with snprintf.

---------------------------- adapted for newlib branch
. adapted via 'patch' (without rejections)

Signed-off-by: Jim Warner <james.warner@comcast.net>
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent ed463c7d88
commit c03e52786d


@ -1228,8 +1228,7 @@ static int simple_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p)
} }
p->tgid = strtoul(ent->d_name, NULL, 10); p->tgid = strtoul(ent->d_name, NULL, 10);
p->tid = p->tgid; p->tid = p->tgid;
memcpy(path, "/proc/", 6); snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);
strcpy(path+6, ent->d_name); // trust /proc to not contain evil top-level entries
return 1; return 1;
} }
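Review bot: The result of the new `snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);` is discarded, so an over-long `d_name` no longer overflows `path` but is silently truncated, while `p->tgid` on the lines just above is still parsed from the full name; the path and the id can then refer to different entries. I would capture the result, `int n = snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);`, and reject the entry when `n < 0 || n >= PROCPATHLEN`. Whether rejecting means skipping the entry or returning failure depends on the directory-reading loop, which starts above the hunk. The bound is the constant `PROCPATHLEN` rather than the buffer's own size, so the call is only safe if `path` holds at least that many bytes; its declaration is not visible here and is worth confirming. Since the old "trust /proc" comment is removed, a short replacement such as `// bounded copy; a truncated name is rejected rather than trusted` would record the new assumption.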