Package: procps Version: 1:3.2.7-11 Severity: normal Tags: patch
35_path_max.dpatch is broken: If the path is shorter than 128 characters char* s remains uninitialized and the command displays garbage characters instead of the working directory. Additionally due to incorrect parentheses the terminating 0 is always added to buf[0] (which is the wrong string anyway). A corrected patch is attached. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (600, 'stable'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 2.6.28-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages procps depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii libncurses5 5.7+20081213-1 shared libraries for terminal hand ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip Versions of packages procps recommends: ii psmisc 22.6-1 Utilities that use the proc filesy procps suggests no packages. -- no debconf information
#! /bin/sh /usr/share/dpatch/dpatch-run ## 35_path_max.dpatch by Madhusudan.C.S <[email protected]> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Uses alloc instead of fixed PATH_MAX value #496274 @DPATCH@ diff -urNad procps-3.2.7~/proc/readproc.c procps-3.2.7/proc/readproc.c --- procps-3.2.7~/proc/readproc.c 2008-09-09 15:01:09.000000000 +1000 +++ procps-3.2.7/proc/readproc.c 2008-09-09 15:01:36.000000000 +1000 @@ -1034,7 +1034,7 @@ * and filled out proc_t structure. */ proc_t * get_proc_stats(pid_t pid, proc_t *p) { - static char path[PATH_MAX], sbuf[1024]; + static char path[32], sbuf[1024]; struct stat statbuf; sprintf(path, "/proc/%d", pid); diff -urNad procps-3.2.7~/pwdx.c procps-3.2.7/pwdx.c --- procps-3.2.7~/pwdx.c 2006-06-17 19:29:06.000000000 +1000 +++ procps-3.2.7/pwdx.c 2009-03-11 19:56:58.466099226 +0100 @@ -35,7 +35,6 @@ int main(int argc, char* argv[]) { - char buf[PATH_MAX+1]; regex_t re; int i; @@ -59,6 +58,7 @@ for (i = 1; i < argc; i++) { if (regexec(&re, argv[i], 0, NULL, 0) != 0) { + char buf[27 + strlen (argv[i]) + 1]; // Constant 27 is the length of the error string "pwdx: ... " snprintf(buf, sizeof buf, "pwdx: invalid process id: %s\n", argv[i]); die(buf); } @@ -68,9 +68,13 @@ regfree(&re); + int alloclen = 128; + char *pathbuf = malloc(alloclen); + for (i = 1; i < argc; i++) { - char * s = buf; + char * s; int len; + char buf[10 + strlen(argv[i]) + 1]; // Constant 10 is the length of strings "/proc/" + "/cwd" + 1 // At this point, all arguments are in the form /proc/nnnn // or nnnn, so a simple check based on the first char is @@ -83,13 +87,21 @@ // buf contains /proc/nnnn/cwd symlink name on entry, the // target of that symlink on return - if ((len = readlink(buf, buf, PATH_MAX)) < 0) { + while ((len = readlink(buf, pathbuf, alloclen)) == alloclen) { + alloclen *= 2; + pathbuf = realloc(pathbuf, alloclen); + } + + if (len < 0) { s = strerror(errno == ENOENT ? ESRCH : errno); } else { - buf[len] = 0; + pathbuf[len] = 0; + s = pathbuf; } printf("%s: %s\n", argv[i], s); } + free(pathbuf); + return 0; }
signature.asc
Description: PGP signature
