On Sat, Mar 11, 2017 at 02:27:33PM +0300, Victor Krapivensky wrote: > Linux does not prevent a user from creating a lot of nested directories > with length of the absolute path of the deepest one exceeding PATH_MAX, > then chdir'ing into it, creating a file there and mmap'ing it. Since the > length of the prefix preceding the pathname in /proc/[pid]/maps is not > necessary 80 (it's 73 on my machine), an overflow is possible. > > * unwind.c: Fix a possible buffer overflow. > --- > unwind.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/unwind.c b/unwind.c > index 326d184..6a7f342 100644 > --- a/unwind.c > +++ b/unwind.c > @@ -159,7 +159,7 @@ build_mmap_cache(struct tcb* tcp) > struct mmap_cache_t *entry; > unsigned long start_addr, end_addr, mmap_offset; > char exec_bit; > - char binary_path[PATH_MAX]; > + char binary_path[sizeof(buffer)]; > > if (sscanf(buffer, "%lx-%lx %*c%*c%c%*c %lx %*x:%*x %*d %[^\n]", > &start_addr, &end_addr, &exec_bit,
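Review bot: the `%[^\n]` conversion in the sscanf call right after the changed declaration still carries no field width, so nothing at the call site shows that binary_path is large enough. The bound now rests entirely on `char binary_path[sizeof(buffer)];` tracking the size of buffer. That holds only if buffer is a real array in this scope; its declaration is outside the hunk, and with a pointer sizeof would yield the pointer size. It is worth confirming that, and adding a short comment beside the declaration stating that the pathname can never be longer than the line it was parsed from, so a later change to how buffer is declared or filled does not silently reintroduce the overflow.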
Applied, thanks.

btw, does the kernel impose any limits on /proc/$pid/maps line length? If not, we probably should support longer lines, too.

P.S. Next time please do not embed several patches into a single email, it's too easy to miss them. Also, inline patches are easier to discuss than attached ones, so please send them inline if possible.

--
ldv
_______________________________________________ Strace-devel mailing list Strace-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/strace-devel