This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Staprun buffer overflow


Hi-

I found a couple of buffer overrun conditions in runtime/stpd/symbols.c:get_sections() occurring in sprintf() calls. I verified the problem by checking the return of the sprintf calls. To fix it I simply doubled the size of the affected buffers. Here is my fix. I will check in the change if I don't get any complaints.

diff --git a/src/runtime/stpd/symbols.c b/src/runtime/stpd/symbols.c
index 7138e17..2aaa0d2 100644
--- a/src/runtime/stpd/symbols.c
+++ b/src/runtime/stpd/symbols.c
@@ -23,7 +23,7 @@ static int send_data(void *data, int len
/* Return the total length of all the data. */
static int get_sections(char *name, char *data_start, int datalen)
{
-       char dir[64], filename[64], buf[32], strdata_start[2048];
+       char dir[128], filename[128], buf[64], strdata_start[2048];
       char *strdata=strdata_start, *data=data_start;
       int fd, len;
       struct _stp_module *mod = (struct _stp_module *)data_start;
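
Review bot: on the changed declaration line, dir[128], filename[128] and buf[64] are still fixed-size arrays, and name arrives as a bare char * with no length bound, so doubling only raises the length at which the sprintf() calls described in the message overrun. Suggest converting those calls (outside this hunk) to snprintf(dir, sizeof(dir), ...) and failing when the return value is >= sizeof(dir), with the same treatment for filename and buf. A short comment stating the longest string each buffer is expected to hold would also document where 128 and 64 come from.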

--
David Wilder
IBM Linux Technology Center
Beaverton, Oregon, USA dwilder@us.ibm.com
(503)578-3789
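
Added example, not part of the original message or of the systemtap sources: it shows how the return value of the printf family reveals the overrun the message describes, and how a bounded call rejects input that a 64-byte or 128-byte buffer cannot hold. The format string DIR_FMT, the helper names and the module-name lengths are assumptions made for illustration; only the buffer sizes come from the patch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Sizes taken from the patch: dir[] was 64 bytes and becomes 128. */
#define OLD_DIR_SIZE 64
#define NEW_DIR_SIZE 128

/* Hypothetical format string; the real one in get_sections() is not shown. */
#define DIR_FMT "/sys/module/%s/sections"

/* Bytes needed for the formatted string, including the trailing NUL.
 * snprintf(NULL, 0, ...) writes nothing and returns the length that an
 * unbounded sprintf() would have produced. */
static size_t dir_bytes_needed(const char *name)
{
	int n = snprintf(NULL, 0, DIR_FMT, name);
	return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for sprintf(): returns 0 on success, -1 if the output
 * did not fit (dst then holds a NUL-terminated truncated string) or on error. */
static int fmt_checked(char *dst, size_t cap, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(dst, cap, fmt, ap);
	va_end(ap);
	return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
	char name[201], dir[NEW_DIR_SIZE];
	size_t lens[] = { 8, 60, 200 };   /* constructed module-name lengths */

	for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
		memset(name, 'm', lens[i]);
		name[lens[i]] = '\0';
		printf("name=%zu need=%zu old=%s new=%s\n", lens[i],
		       dir_bytes_needed(name),
		       dir_bytes_needed(name) <= OLD_DIR_SIZE ? "fits" : "OVERRUN",
		       fmt_checked(dir, sizeof(dir), DIR_FMT, name) ? "rejected" : "ok");
	}
	return 0;
}
```

With these constructed inputs, the 60-character name overruns the old 64-byte buffer but fits the new one, while the 200-character name exceeds both and is only caught by the bounded call.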


