d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overrun in gcore(1) NT_PRPSINFO

Browse Source 
Use size of destination buffer, rather than a constant that may or may not
correspond to the source buffer, to restrict the length of copied strings.  In
particular, pr_fname has 16+1 characters but MAXCOMLEN is 18+1.

Use strlcpy instead of strncpy to ensure the result is nul-terminated.  This
seems to be what is expected of these fields.

Reported by:	Coverity
CIDs:		1011302, 1011378
Sponsored by:	EMC / Isilon Storage Division
This commit is contained in:
Conrad Meyer 2016-05-11 15:31:31 +00:00
parent 7ca01e8f89
commit 6a4b635383
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=299458
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
usr.bin/gcore/elfcore.c
View File

@ -560,8 +560,8 @@ elf_note_prpsinfo(void *arg, size_t *sizep)
err(1, "kern.proc.pid.%u", pid);
if (kip.ki_pid != pid)
err(1, "kern.proc.pid.%u", pid);
strncpy(psinfo->pr_fname, kip.ki_comm, MAXCOMLEN);
strncpy(psinfo->pr_psargs, psinfo->pr_fname, PRARGSZ);
strlcpy(psinfo->pr_fname, kip.ki_comm, sizeof(psinfo->pr_fname));
strlcpy(psinfo->pr_psargs, psinfo->pr_fname, sizeof(psinfo->pr_psargs));
*sizep = sizeof(*psinfo);
return (psinfo);