FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Cluster Development

 
 
LinkBack Thread Tools
 
Old 11-23-2011, 09:15 AM
"Fabio M. Di Nitto"
 
Default qdiskd: add strlen check to avoid memory corruption

and fix a few impossible buffer overflows

Spotted by Coverity Scan

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
:100644 100644 d5926f9... 929b152... M cman/qdisk/daemon_init.c
cman/qdisk/daemon_init.c | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/cman/qdisk/daemon_init.c b/cman/qdisk/daemon_init.c
index d5926f9..929b152 100644
--- a/cman/qdisk/daemon_init.c
+++ b/cman/qdisk/daemon_init.c
@@ -48,11 +48,12 @@ check_pid_valid(pid_t pid, char *prog)
char dirpath[PATH_MAX];
char proc_cmdline[64]; /* yank this from kernel somewhere */
char *s = NULL;
+ size_t proc_cmdline_len = 0;

memset(filename, 0, PATH_MAX);
memset(dirpath, 0, PATH_MAX);

- snprintf(dirpath, sizeof (dirpath), "/proc/%d", pid);
+ snprintf(dirpath, sizeof (dirpath) - 1, "/proc/%d", pid);
if ((dir = opendir(dirpath)) == NULL) {
closedir(dir);
return 0; /* Pid has gone away. */
@@ -63,7 +64,7 @@ check_pid_valid(pid_t pid, char *prog)
* proc-pid directory exists. Now check to see if this
* PID corresponds to the daemon we want to start.
*/
- snprintf(filename, sizeof (filename), "/proc/%d/cmdline", pid);
+ snprintf(filename, sizeof (filename) - 1, "/proc/%d/cmdline", pid);
fp = fopen(filename, "r");
if (fp == NULL) {
perror("check_pid_valid");
@@ -83,9 +84,12 @@ check_pid_valid(pid_t pid, char *prog)
}
fclose(fp);

- s = &(proc_cmdline[strlen(proc_cmdline)]);
- if (*s == '
')
- *s = 0;
+ proc_cmdline_len = strlen(proc_cmdline);
+ if (proc_cmdline_len) {
+ s = &(proc_cmdline[proc_cmdline_len]);
+ if (*s == '
')
+ *s = 0;
+ }

/*
* Check to see if this is the same executable.
--
1.7.4.4
 

Thread Tools




All times are GMT. The time now is 06:56 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org