]> granicus.if.org Git - procps-ng/commit
projects / procps-ng / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 39dcf47) | patch
proc/readproc.c: Harden vectorize_this_str().
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)
commit6939463606f6369a6d3db4d82de0bfd548fac81e
tree1de80417556739d881aa51a982ebb1cf301d58cctree | snapshot
parent39dcf47bc85ad74dde0efa183f423820e2a90153commit | diff
proc/readproc.c: Harden vectorize_this_str().

This detects an integer overflow of "strlen + 1", prevents an integer
overflow of "tot + adj + (2 * pSZ)", and avoids calling snprintf with a
string longer than INT_MAX. Truncate rather than fail, since the callers
do not expect a failure of this function.
proc/readproc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.