File qps-1.10.12.1-buffer_overflow.patch of Package qps

Description: Fix buffer overflow (bnc#613864).
Author: Bernhard Rotter <bernhard.rotter@gmail.com>
Index: proc_linux.cpp
===================================================================
--- proc_linux.cpp.orig	2009-10-18 15:45:07.000000000 +0400
+++ proc_linux.cpp	2010-07-06 13:12:40.000000000 +0400
@@ -494,18 +494,16 @@ int Procinfo::readproc()
 		groupname=groupName(gid,egid);
 		
 		int bug=0;
-		char cmdline_cmd[256]; // !!!! some name .... larger
+		char cmdline_cmd[256] = ""; // !!!! some name .... larger
 		//read /proc/pid/cmdline
 		int size;
-		cmdline_cmd[0]=0;
 
 		// anyone can read [cmdline]
 		if((buf= read_proc_file2(path,"cmdline", &size)) ==0 ) return -1;
 		else {
 			//printf("DEBUG: size=%d \n",size);
-			int  cmdlen=strlen(buf);
 		
-			if(cmdlen == 0) {
+			if(strlen(buf) == 0) {
 				// 1. kthread 
 				// printf("Qps:debug no_cmdline pid=%d\n",pid );
 				cmdline = "";
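Review bot: The empty-cmdline test `if(strlen(buf) == 0)` walks the whole buffer just to learn whether the first byte is NUL. It also depends on `read_proc_file2` always NUL-terminating what it returns, which this hunk does not show. `if(buf[0] == 0)` checks the same condition without the scan, and a short comment such as `// buf is NUL-terminated by read_proc_file2 (confirm)` would record the assumption. Since `size` is already returned by the read, it may also be worth checking `size <= 0` here if the helper can return an empty buffer. The body of `Procinfo::readproc()` starts and ends outside this hunk.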
@@ -514,8 +512,8 @@ int Procinfo::readproc()
 			// cmdline = codec->toUnicode(cmdbuf,strlen(cmdbuf));
 			else
 			{
-				strcpy(cmdline_cmd,buf); // copy cmd without options
-				
+				strncpy(cmdline_cmd, buf, sizeof(cmdline_cmd)); // copy cmd without options
+				cmdline_cmd[sizeof(cmdline_cmd) -1] = 0;
 				//change 0x00,0xA to ' ' 
 				for(int i = 0; i < size - 1; i++)  //OVERFLOW
 					if(buf[i]==0 or buf[i]==0x0A) 
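Review bot: The bounded copy `strncpy(cmdline_cmd, buf, sizeof(cmdline_cmd));` followed by `cmdline_cmd[sizeof(cmdline_cmd) -1] = 0;` fixes the overflow but silently truncates any command name longer than 255 bytes. The contents of /proc/pid/cmdline are chosen by the inspected process, so the truncation should be documented, for example `// cmdline is set by the inspected process and may exceed the buffer; truncate to fit`. The `//OVERFLOW` marker on the loop just below is left untouched. That loop indexes `buf` up to `size - 1`, and whether this stays inside the allocation returned by `read_proc_file2` cannot be confirmed from this hunk, so the marker should be either resolved or explained. Later uses of `cmdline_cmd` in `Procinfo::readproc()` are outside the hunk and should be checked for further unbounded `strcpy`/`strcat` calls.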