From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000)
Subject: proc/sysinfo.c: Fix off-by-one in get_pid_digits().
X-Git-Tag: v3.3.15~97
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a33be338856a436e41f2cbdcfd4b25f09dc18358;p=procps-ng
proc/sysinfo.c: Fix off-by-one in get_pid_digits().
At "pidbuf[rc] = '\0';" if "rc = read()" returns "sizeof pidbuf" (unlikely to ever happen, but still).
---
diff --git a/proc/sysinfo.c b/proc/sysinfo.c
index f0f705ff..42646942 100644
--- a/proc/sysinfo.c
+++ b/proc/sysinfo.c
@@ -1140,7 +1140,7 @@ unsigned get_pid_digits(void){
 ret = 5;
 fd = open("/proc/sys/kernel/pid_max", O_RDONLY);
 if(fd==-1) goto out;
- rc = read(fd, pidbuf, sizeof pidbuf);
+ rc = read(fd, pidbuf, sizeof pidbuf - 1);
 close(fd);
 if(rc<3) goto out;
 pidbuf[rc] = '\0';
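Review bot: The new `sizeof pidbuf - 1` length is the only thing keeping `pidbuf[rc] = '\0';` inside the buffer, yet nothing on the read() line says so, and a later cleanup could quietly turn it back into `sizeof pidbuf`. I would add a comment above the call, `/* leave one byte for the NUL stored at pidbuf[rc] below */`. The `if(rc<3) goto out;` guard is also the only check for read() returning -1, which works only if rc is a signed type. Its declaration is outside the hunk, so that is worth confirming before relying on it. get_pid_digits() starts and ends outside the hunk.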