← Back to branch summary

~ubuntu-branches/ubuntu/precise/das-watchdog/precise-security

« back to all changes in this revision

Viewing changes to debian/patches/0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2015-05-15 12:08:01 UTC
  • Revision ID: package-import@ubuntu.com-20150515120801-z4ha7uy7f8hqnkbn
Tags: 0.9.0-2+deb6u1build0.12.04.1
fake sync from Debian

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/0001-Fix-memory-overflow-if-the-name-of-an-environment-is.patch
 
1
From bd20bb02e75e2c0483832b52f2577253febfb690 Mon Sep 17 00:00:00 2001
 
2
From: Kjetil Matheussen <k.s.matheussen@usit.uio.no>
 
3
Date: Wed, 1 Apr 2015 16:06:48 +0200
 
4
Subject: [PATCH] Fix memory overflow if the name of an environment is larger
 
5
 than 500 characters. Bug found by Adam Sampson.
 
6
 
 
7
---
 
8
 das_watchdog.c | 10 +++++++++-
 
9
 1 file changed, 9 insertions(+), 1 deletion(-)
 
10
 
 
11
diff --git a/das_watchdog.c b/das_watchdog.c
 
12
index c98bbea..8473fe8 100644
 
13
--- a/das_watchdog.c
 
14
+++ b/das_watchdog.c
 
15
@@ -306,7 +306,9 @@ static int checksoftirq(int force){
 
16
 
 
17
 
 
18
 static char *get_pid_environ_val(pid_t pid,char *val){
 
19
-  char temp[500];
 
20
+  int temp_size = 500;
 
21
+  char *temp = malloc(temp_size);
 
22
+  
 
23
   int i=0;
 
24
   int foundit=0;
 
25
   FILE *fp;
 
26
@@ -319,6 +321,12 @@ static char *get_pid_environ_val(pid_t pid,char *val){
 
27
 
 
28
   
 
29
   for(;;){
 
30
+    
 
31
+    if (i >= temp_size) {
 
32
+      temp_size *= 2;
 
33
+      temp = realloc(temp, temp_size);
 
34
+    }
 
35
+      
 
36
     temp[i]=fgetc(fp);    
 
37
 
 
38
     if(foundit==1 && (temp[i]==0 || temp[i]=='\0' || temp[i]==EOF)){
 
39
-- 
 
40
2.1.4
 
41