This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13337] New: load_shobj(): Fix readlink() buffer termination handling
- From: "thomas.jarosch at intra2net dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 24 Oct 2011 15:04:10 +0000
- Subject: [Bug libc/13337] New: load_shobj(): Fix readlink() buffer termination handling
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13337
Bug #: 13337
Summary: load_shobj(): Fix readlink() buffer termination
handling
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: thomas.jarosch@intra2net.com
Classification: Unclassified
Created attachment 6029
--> http://sourceware.org/bugzilla/attachment.cgi?id=6029
Patch to fix the issue
>From the patch:
load_shobj(): Fix readlink() buffer termination handling
readlink() never zero terminates the buffer.
load_shobj() calls readlink() like this:
"if (readlink (origprocname, origlink, PATH_MAX) == -1)"
It tried to compensate for the missing zero termination
with this line of code:
origlink[PATH_MAX] = '\0';
This is wrong as the content of the 'origlink' buffer
will probably be shorter than PATH_MAX and therefore
contains an unterminated string + garbage.
Fix it by terminating the string properly. Also lower
the buffer size to PATH_MAX, that should be more than enough.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.