Projects
openEuler:22.03:LTS:LoongArch
util-linux
_service:tar_scm_kernel_repo:backport-lslocks-f...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-lslocks-fix-buffer-overflow.patch of Package util-linux
From c7e20a87573202ed5288447b557cb7cff1b40a17 Mon Sep 17 00:00:00 2001 From: Karel Zak <kzak@redhat.com> Date: Thu, 29 Feb 2024 20:43:35 +0100 Subject: [PATCH] lslocks: fix buffer overflow * don't use memset() to init variables * use xreaddir() to reduce code * use ssize_t for readlinkat() return value to avoid buffer overflow Signed-off-by: Karel Zak <kzak@redhat.com> (cherry picked from commit f030775ffeaa8627c88434f7d0cba1a454aa0ffa) --- misc-utils/lslocks.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/misc-utils/lslocks.c b/misc-utils/lslocks.c index b14d419..06c707a 100644 --- a/misc-utils/lslocks.c +++ b/misc-utils/lslocks.c @@ -45,6 +45,7 @@ #include "closestream.h" #include "optutils.h" #include "procutils.h" +#include "fileutils.h" /* column IDs */ enum { @@ -164,13 +165,12 @@ static char *get_filename_sz(ino_t inode, pid_t lock_pid, size_t *size) struct stat sb; struct dirent *dp; DIR *dirp; - size_t len; + size_t sz; int fd; - char path[PATH_MAX], sym[PATH_MAX], *ret = NULL; + char path[PATH_MAX] = { 0 }, + sym[PATH_MAX] = { 0 }, *ret = NULL; *size = 0; - memset(path, 0, sizeof(path)); - memset(sym, 0, sizeof(sym)); /* * We know the pid so we don't have to @@ -181,16 +181,14 @@ static char *get_filename_sz(ino_t inode, pid_t lock_pid, size_t *size) if (!(dirp = opendir(path))) return NULL; - if ((len = strlen(path)) >= (sizeof(path) - 2)) + if ((sz = strlen(path)) >= (sizeof(path) - 2)) goto out; if ((fd = dirfd(dirp)) < 0 ) goto out; - while ((dp = readdir(dirp))) { - if (!strcmp(dp->d_name, ".") || - !strcmp(dp->d_name, "..")) - continue; + while ((dp = xreaddir(dirp))) { + ssize_t len; errno = 0; -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.