On 1/16/20 10:43 AM, Nikola Forró wrote:
It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
not always the case.

Add a check to prevent the buffer overflow and discard the excess part of
an argument.

With all of the string parsing and special casing for truncation and
overflow, I would really like to see some automated tests around
cg_get_procname_from_proc_cmdline().  This feels like a place where we
want to be very careful.

I briefly looked through the entire function and it looks like a great
candidate for unit testing (except for the readlink() and fopen() lines
but that's easily worked around.)

Thoughts?

Thanks.

Tom


Signed-off-by: Nikola Forró <nfo...@redhat.com>
---
  src/api.c | 6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/api.c b/src/api.c
index 92730e6..959a814 100644
--- a/src/api.c
+++ b/src/api.c
@@ -4601,13 +4601,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
while (c != EOF) {
                c = fgetc(f);
-               if ((c != EOF) && (c != '\0')) {
+               if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
                        buf_pname[len] = c;
                        len++;
                        continue;
                }
                buf_pname[len] = '\0';
+ if (len == FILENAME_MAX - 1)
+                       while ((c != EOF) && (c != '\0'))
+                               c = fgetc(f);
+
                /*
                 * The taken process name from /proc/<pid>/status is
                 * shortened to 15 characters if it is over. So the
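Review bot: the new `if (len == FILENAME_MAX - 1)` drain block silently discards the rest of an oversized argument, and nothing at that point documents it or tells the caller that buf_pname now holds a truncated name; add a comment above the drain loop saying so, and consider expressing the bound as `sizeof(buf_pname) - 1` in both new places so the two `FILENAME_MAX - 1` literals cannot drift from the buffer declaration. The logic itself checks out on the visible lines: the copy stops at index FILENAME_MAX - 2, so `buf_pname[len] = '\0'` lands at FILENAME_MAX - 1 and fits; for an argument of exactly FILENAME_MAX - 1 characters `c` is already '\0' or EOF when the inner loop is reached, so it consumes nothing; and an EOF hit while draining still terminates the outer `while (c != EOF)`.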



_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
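Along the lines of the unit testing asked for above, here is an added, self-contained C example (not libcgroup's own code) that lifts the bounded-copy-and-drain loop from the patch into a function that reads from any FILE *, so it can be exercised on a constructed /proc/<pid>/cmdline image written to a tmpfile() instead of the real file. The names read_bounded_arg and first_arg_from_image are hypothetical, and the truncation flag is an addition the patch itself does not report.

```c
#include <stdio.h>
#include <string.h>
/* Read one NUL-terminated argument from f into out (cap bytes incl. terminator),
 * mirroring the patch: copy at most cap - 1 bytes, drain the rest of an oversized
 * argument, and (beyond the patch) report the truncation. Returns 1 or 0 at EOF. */
static int read_bounded_arg(FILE *f, char *out, size_t cap, int *truncated)
{
    size_t len = 0;
    int c = fgetc(f);             /* int, so EOF stays distinguishable */
    *truncated = 0;
    if (c == EOF)
        return 0;
    while (c != EOF && c != '\0') {
        if (len < cap - 1)        /* the bound the patch adds */
            out[len++] = (char)c;
        else
            *truncated = 1;       /* excess byte discarded, like the drain loop */
        c = fgetc(f);
    }
    out[len] = '\0';              /* len <= cap - 1, so this always fits */
    return 1;
}

/* Test driver: write a constructed cmdline image to a temporary file, read its
 * first argument into first (cap bytes) and count the remaining ones.
 * Returns the number of arguments in the image, or -1 on I/O failure. */
static int first_arg_from_image(const char *image, size_t image_len,
                                char *first, size_t cap, int *truncated)
{
    FILE *f = tmpfile();
    char rest[256];
    int nargs, t;
    if (!f) return -1;
    if (fwrite(image, 1, image_len, f) != image_len) { fclose(f); return -1; }
    rewind(f);
    nargs = read_bounded_arg(f, first, cap, truncated);
    while (nargs && read_bounded_arg(f, rest, sizeof rest, &t))
        nargs++;                  /* draining left us at the next argument */
    fclose(f);
    return nargs;
}

int main(void)
{
    static const char image[] = "/usr/bin/daemon\0--name=x"; /* constructed */
    char first[8]; int truncated;
    int n = first_arg_from_image(image, sizeof image, first, sizeof first, &truncated);
    printf("args=%d first=\"%s\" truncated=%d\n", n, first, truncated);
    return 0;
}
```

The exact-fit case (an argument of cap - 1 bytes) is not flagged as truncated, matching the patch, where the drain loop then reads nothing.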