[Cluster-devel] [PATCH 29/41] qdiskd: add strlen check to avoid memory corruption
Fabio M. Di Nitto
fdinitto at redhat.com
Wed Nov 23 10:15:48 UTC 2011
and fix a few impossible buffer overflows
Spotted by Coverity Scan
Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>
---
:100644 100644 d5926f9... 929b152... M cman/qdisk/daemon_init.c
cman/qdisk/daemon_init.c | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/cman/qdisk/daemon_init.c b/cman/qdisk/daemon_init.c
index d5926f9..929b152 100644
--- a/cman/qdisk/daemon_init.c
+++ b/cman/qdisk/daemon_init.c
@@ -48,11 +48,12 @@ check_pid_valid(pid_t pid, char *prog)
char dirpath[PATH_MAX];
char proc_cmdline[64]; /* yank this from kernel somewhere */
char *s = NULL;
+ size_t proc_cmdline_len = 0;
memset(filename, 0, PATH_MAX);
memset(dirpath, 0, PATH_MAX);
- snprintf(dirpath, sizeof (dirpath), "/proc/%d", pid);
+ snprintf(dirpath, sizeof (dirpath) - 1, "/proc/%d", pid);
if ((dir = opendir(dirpath)) == NULL) {
closedir(dir);
return 0; /* Pid has gone away. */
@@ -63,7 +64,7 @@ check_pid_valid(pid_t pid, char *prog)
* proc-pid directory exists. Now check to see if this
* PID corresponds to the daemon we want to start.
*/
- snprintf(filename, sizeof (filename), "/proc/%d/cmdline", pid);
+ snprintf(filename, sizeof (filename) - 1, "/proc/%d/cmdline", pid);
fp = fopen(filename, "r");
if (fp == NULL) {
perror("check_pid_valid");
@@ -83,9 +84,12 @@ check_pid_valid(pid_t pid, char *prog)
}
fclose(fp);
- s = &(proc_cmdline[strlen(proc_cmdline)]);
- if (*s == '\n')
- *s = 0;
+ proc_cmdline_len = strlen(proc_cmdline);
+ if (proc_cmdline_len) {
+ s = &(proc_cmdline[proc_cmdline_len]);
+ if (*s == '\n')
+ *s = 0;
+ }
/*
* Check to see if this is the same executable.
--
1.7.4.4
More information about the Cluster-devel
mailing list