unwind.c: fix a possible buffer overflow

Linux does not prevent a user from creating a lot of nested directories
with the length of the absolute path of the deepest one exceeding PATH_MAX,
then chdir'ing into it, creating a file there and mmap'ing it. Since the
length of the prefix preceding the pathname in /proc/[pid]/maps is not
necessarily 80 (it's 73 on my machine), an overflow is possible.

* unwind.c (build_mmap_cache): Fix a possible buffer overflow.
Victor Krapivensky 2017-03-11 14:27:33 +03:00 committed by Dmitry V. Levin
parent c9731a0dbe
commit 9d1250b39c
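To make the sizing argument of the commit concrete, here is an added example (not strace's code) that parses a /proc/[pid]/maps line with the same format string as the hunk, but stores the pathname in a destination sized from the line buffer rather than from PATH_MAX. `MAPS_LINE_MAX`, `struct maps_entry`, `parse_maps_line` and `parsed_path_len` are constructed names and values for this illustration; the maps line used in `parsed_path_len` is constructed as well.

```c
/* Added example, not strace code. Parses a /proc/[pid]/maps line into a
 * pathname buffer sized like the source line, the approach the commit takes.
 * MAPS_LINE_MAX is a constructed capacity; the sscanf format is the hunk's. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAPS_LINE_MAX 8192  /* constructed: capacity of the line buffer */

struct maps_entry {
	unsigned long start_addr, end_addr, mmap_offset;
	char exec_bit;
	/* Sized like the line buffer: the pathname is a suffix of the line, so
	 * whatever %[^\n] stores here always fits, however deep the directory
	 * nesting. A PATH_MAX-sized array gives no such guarantee, because the
	 * kernel does not cap the length of the path it prints here. */
	char binary_path[MAPS_LINE_MAX];
};

/* Parse one maps line. Returns 1 on success, 0 on a malformed or over-long
 * line. Over-long lines are refused outright rather than truncated, so a
 * caller never works with a silently cut pathname. */
int parse_maps_line(const char *line, struct maps_entry *e)
{
	char buffer[MAPS_LINE_MAX];

	if (strlen(line) >= sizeof(buffer))
		return 0;
	strcpy(buffer, line);
	e->binary_path[0] = '\0';

	/* Same conversion as the hunk. Four successful conversions are enough:
	 * anonymous mappings carry no pathname, so the fifth may be absent. */
	int n = sscanf(buffer, "%lx-%lx %*c%*c%c%*c %lx %*x:%*x %*d %[^\n]",
		       &e->start_addr, &e->end_addr, &e->exec_bit,
		       &e->mmap_offset, e->binary_path);
	return n >= 4;
}

/* Build a constructed maps line whose pathname ("/" followed by 'a's) is
 * exactly `pathlen` bytes long, parse it, and return the parsed pathname
 * length, or -1 if the line was rejected. Shows that pathnames longer than
 * PATH_MAX (4096 on Linux) parse safely while lines that cannot fit the
 * buffer are refused instead of overflowing anything. */
long parsed_path_len(size_t pathlen)
{
	static const char prefix[] =
		"7f0000000000-7f0000001000 r-xp 00000000 08:01 12345 ";
	size_t plen = sizeof(prefix) - 1;
	char *line = malloc(plen + pathlen + 1);
	if (!line || pathlen == 0)
		return -1;
	memcpy(line, prefix, plen);
	line[plen] = '/';
	memset(line + plen + 1, 'a', pathlen - 1);
	line[plen + pathlen] = '\0';

	struct maps_entry e;
	long result = parse_maps_line(line, &e) ? (long)strlen(e.binary_path) : -1;
	free(line);
	return result;
}

int main(void)
{
	printf("short path: %ld\n", parsed_path_len(40));
	printf("longer than PATH_MAX: %ld\n", parsed_path_len(5000));
	printf("too long for the line buffer: %ld\n", parsed_path_len(9000));
	return 0;
}
```

The design point is the one the commit relies on: `%[^\n]` has no field width, so the only bound on what sscanf writes is the length of the source string, and the destination must be at least as large as that source. Sizing the destination from the source array makes the bound hold by construction instead of by an assumption about the prefix width or about PATH_MAX.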


@ -159,7 +159,7 @@ build_mmap_cache(struct tcb* tcp)
struct mmap_cache_t *entry;
unsigned long start_addr, end_addr, mmap_offset;
char exec_bit;
char binary_path[PATH_MAX];
char binary_path[sizeof(buffer)];
if (sscanf(buffer, "%lx-%lx %*c%*c%c%*c %lx %*x:%*x %*d %[^\n]",
&start_addr, &end_addr, &exec_bit,
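Review bot: the new declaration `char binary_path[sizeof(buffer)];` is correct only because `buffer` is the array that sscanf reads from, so the pathname (a suffix of it) can never exceed its size; the hunk context does not show `buffer`'s declaration, so it is worth confirming it is a char array and not a pointer, where sizeof would yield the pointer size and reintroduce the overflow. Since the `%[^\n]` conversion in the sscanf call below carries no field width, the destination size is the sole guard here; consider a one-line comment on the declaration stating that it must track `buffer`, so a later change to `buffer`'s type or a copy of this pattern elsewhere does not silently lose the bound.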