This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Staprun buffer overflow
- From: David Wilder <dwilder at us dot ibm dot com>
- To: systemtap at sources dot redhat dot com
- Date: Mon, 11 Dec 2006 09:53:32 -0800
- Subject: Staprun buffer overflow
Hi-
I found a couple of buffer overrun conditions in
runtime/stpd/symbols.c:get_sections() occurring in sprintf() calls.
I verified the problem by checking the return of the sprintf calls. To
fix it I simply doubled the size of the affected buffers. Here is my
fix. I will check in the change if I don't get any complaints.
diff --git a/src/runtime/stpd/symbols.c b/src/runtime/stpd/symbols.c
index 7138e17..2aaa0d2 100644
--- a/src/runtime/stpd/symbols.c
+++ b/src/runtime/stpd/symbols.c
@@ -23,7 +23,7 @@ static int send_data(void *data, int len
/* Return the total length of all the data. */
static int get_sections(char *name, char *data_start, int datalen)
{
- char dir[64], filename[64], buf[32], strdata_start[2048];
+ char dir[128], filename[128], buf[64], strdata_start[2048];
char *strdata=strdata_start, *data=data_start;
int fd, len;
struct _stp_module *mod = (struct _stp_module *)data_start;
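Review bot: in the declaration line, growing dir and filename from 64 to 128 bytes and buf from 32 to 64 raises the limit but leaves the sprintf() calls that fill these buffers unbounded, so a long enough input overruns them again. Suggest converting those calls to snprintf(dst, sizeof(dst), ...) and treating a return value >= sizeof(dst) as an error, plus a short comment stating how the new sizes were chosen.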
--
David Wilder
IBM Linux Technology Center
Beaverton, Oregon, USA
dwilder@us.ibm.com
(503)578-3789
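The return-value check described in the message can be done without overrunning anything by using snprintf(), which reports the length the full string would have had. The following is an added example, not part of the original post or the systemtap source; the path format, the helper names and the sample name lengths are assumptions made for illustration, and only the 64 and 128 byte sizes come from the patch.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes from the patch: 64 before, 128 after. */
#define OLD_SIZE 64
#define NEW_SIZE 128

/* Assumed path layout, for illustration only. */
#define SECTION_DIR_FMT "/sys/module/%s/sections"

/*
 * Format the directory path for `name` into dst (dstlen bytes).
 * Returns the path length on success, or -1 if it did not fit.
 * snprintf() never writes past dstlen and returns the length the
 * full string would have had, so truncation is detectable without
 * overflowing the buffer.
 */
static int format_section_dir(char *dst, size_t dstlen, const char *name)
{
    int n = snprintf(dst, dstlen, SECTION_DIR_FMT, name);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return n;
}

/* Build a constructed module name of `len` 'm' characters. */
static void make_name(char *out, size_t len)
{
    memset(out, 'm', len);
    out[len] = '\0';
}

int main(void)
{
    char name[256], old_buf[OLD_SIZE], new_buf[NEW_SIZE];
    size_t lens[] = { 8, 60, 150 };   /* constructed sample lengths */

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        make_name(name, lens[i]);
        int r_old = format_section_dir(old_buf, sizeof(old_buf), name);
        int r_new = format_section_dir(new_buf, sizeof(new_buf), name);
        printf("name length %3zu: 64-byte buffer %s, 128-byte buffer %s\n",
               lens[i], r_old < 0 ? "too small" : "ok",
               r_new < 0 ? "too small" : "ok");
    }
    return 0;
}
```

The 60-character name fits only the doubled buffer and the 150-character name fits neither, which is why the bounded call and its error path matter more than the buffer size.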