mirror of
https://github.com/coolsnowwolf/lede.git
synced 2025-04-16 04:13:31 +00:00
busybox: Fix snprintf arguments in lock (#9239)
* busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
* busybox: Fix snprintf arguments in lock
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.
Fixes: 34567750db2c ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Qichao Zhang <njuzhangqichao@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
breakings
GitHub
parent
f55a0fe8a4
commit
866c0bd91a
@ -72,9 +72,9 @@
|
||||
+
|
||||
+static int do_lock(void)
|
||||
+{
|
||||
+ int pid;
|
||||
+ pid_t pid;
|
||||
+ int flags;
|
||||
+ char pidstr[8];
|
||||
+ char pidstr[12];
|
||||
+
|
||||
+ if ((fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0700)) < 0) {
|
||||
+ if ((fd = open(file, O_RDWR)) < 0) {
|
||||
@ -109,7 +109,7 @@
|
||||
+ if (!waitonly) {
|
||||
+ lseek(fd, 0, SEEK_SET);
|
||||
+ ftruncate(fd, 0);
|
||||
+ sprintf(pidstr, "%d\n", pid);
|
||||
+ snprintf(pidstr, sizeof(pidstr), "%d\n", pid);
|
||||
+ write(fd, pidstr, strlen(pidstr));
|
||||
+ close(fd);
|
||||
+ }
|
||||
|
||||
Loading…
Reference in New Issue
Block a user