From 9d1250b39ccc6249aaea97f4c7f09ebd895a2395 Mon Sep 17 00:00:00 2001
From: Victor Krapivensky
Date: Sat, 11 Mar 2017 14:27:33 +0300
Subject: [PATCH] unwind.c: fix a possible buffer overflow

Linux does not prevent a user from creating a lot of nested directories with length of the absolute path of the deepest one exceeding PATH_MAX, then chdir'ing into it, creating a file there and mmap'ing it. Since the length of the prefix preceding the pathname in /proc/[pid]/maps is not necessary 80 (it's 73 on my machine), an overflow is possible.

* unwind.c (build_mmap_cache): Fix a possible buffer overflow.
---
 unwind.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unwind.c b/unwind.c
index 326d184e..6a7f342c 100644
--- a/unwind.c
+++ b/unwind.c
@@ -159,7 +159,7 @@ build_mmap_cache(struct tcb* tcp)
 struct mmap_cache_t *entry;
 unsigned long start_addr, end_addr, mmap_offset;
 char exec_bit;
- char binary_path[PATH_MAX];
+ char binary_path[sizeof(buffer)];
 
 if (sscanf(buffer, "%lx-%lx %*c%*c%c%*c %lx %*x:%*x %*d %[^\n]",
 &start_addr, &end_addr, &exec_bit,
-- 
2.40.0
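Review bot: The new `char binary_path[sizeof(buffer)];` is only a correct bound while `buffer` is a fixed-size array in build_mmap_cache; its declaration is outside this hunk, and if it were ever changed to a pointer (for example to a getline()-managed line), `sizeof(buffer)` would silently become the pointer width and the unbounded `%[^\n]` conversion on the next line would overflow again. The invariant the fix relies on — the pathname scanned by `%[^\n]` comes from `buffer` itself, so it can never exceed `sizeof(buffer) - 1` bytes — is not stated anywhere; I would add `/* %[^\n] is unbounded; safe only because binary_path is as large as buffer, the string it scans */` above the declaration. A `%s`-style width in the format string would make the bound explicit rather than implicit, but it must be a literal matching the array size, so the comment is the minimal defensible change. The rest of build_mmap_cache, including the `sscanf` call and the use of `binary_path`, continues outside the hunk.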