From b096fdbfc093d06ba6d34dcad8a9f0efd47235f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 15 Sep 2020 19:55:21 +0200 Subject: [PATCH] Avoid potential buffer overflow in LinuxProcessList_readStatFile Pass size of allocated command buffer and limit write. --- linux/LinuxProcessList.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/linux/LinuxProcessList.c b/linux/LinuxProcessList.c index 8dae13c5..2f17974a 100644 --- a/linux/LinuxProcessList.c +++ b/linux/LinuxProcessList.c @@ -229,6 +229,8 @@ static inline unsigned long long LinuxProcess_adjustTime(unsigned long long t) { static bool LinuxProcessList_readStatFile(Process *process, const char* dirname, const char* name, char* command, int* commLen) { LinuxProcess* lp = (LinuxProcess*) process; + const int commLenIn = *commLen; + *commLen = 0; char filename[MAX_NAME+1]; xSnprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name); int fd = open(filename, O_RDONLY); @@ -250,7 +252,7 @@ static bool LinuxProcessList_readStatFile(Process *process, const char* dirname, char *end = strrchr(location, ')'); if (!end) return false; - int commsize = end - location; + int commsize = MINIMUM(end - location, commLenIn - 1); memcpy(command, location, commsize); command[commsize] = '\0'; *commLen = commsize; @@ -824,7 +826,7 @@ static bool LinuxProcessList_recurseProcTree(LinuxProcessList* this, const char* char command[MAX_NAME+1]; unsigned long long int lasttimes = (lp->utime + lp->stime); - int commLen = 0; + int commLen = sizeof(command); unsigned int tty_nr = proc->tty_nr; if (! LinuxProcessList_readStatFile(proc, dirname, name, command, &commLen)) goto errorReadingProcess;