rpms / abrt

Clone
Source Code
GIT

Blame 0087-ccpp-check-for-overflow-in-abrt-coredump-path-creati.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-sig-altarch-debrand c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 master
  1.   fa1950198b4cd7ea9c3c04c4d0abcde7a69ff912
  2.   0087-ccpp-check-for-overflow-in-abrt-coredump-path-creati.patch
Blob History Raw
Matej Habrnal fa1950 
From 3d9e235072f6d219181a12b003112d5315544649 Mon Sep 17 00:00:00 2001
Matej Habrnal fa1950 
From: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
Date: Fri, 17 Apr 2015 14:43:59 +0200
Matej Habrnal fa1950 
Subject: [PATCH] ccpp: check for overflow in abrt coredump path creation
Matej Habrnal fa1950
Matej Habrnal fa1950 
This issue was discovered by Florian Weimer of Red Hat Product Security.
Matej Habrnal fa1950
Matej Habrnal fa1950 
Signed-off-by: Jakub Filak <jfilak@redhat.com>
Matej Habrnal fa1950 
---
Matej Habrnal fa1950 
 src/hooks/abrt-hook-ccpp.c | 4 +++-
Matej Habrnal fa1950 
 1 file changed, 3 insertions(+), 1 deletion(-)
Matej Habrnal fa1950
Matej Habrnal fa1950 
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
Matej Habrnal fa1950 
index 92413e3..53700e4 100644
Matej Habrnal fa1950 
--- a/src/hooks/abrt-hook-ccpp.c
Matej Habrnal fa1950 
+++ b/src/hooks/abrt-hook-ccpp.c
Matej Habrnal fa1950 
@@ -592,7 +592,9 @@ int main(int argc, char** argv)
Matej Habrnal fa1950 
          * and maybe crash again...
Matej Habrnal fa1950 
          * Unlike dirs, mere files are ignored by abrtd.
Matej Habrnal fa1950 
          */
Matej Habrnal fa1950 
-        snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash);
Matej Habrnal fa1950 
+        if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
Matej Habrnal fa1950 
+            error_msg_and_die("Error saving '%s': truncated long file path", path);
Matej Habrnal fa1950 
+
Matej Habrnal fa1950 
         int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
Matej Habrnal fa1950 
         off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
Matej Habrnal fa1950 
         if (core_size < 0 || fsync(abrt_core_fd) != 0)
Matej Habrnal fa1950 
--
Matej Habrnal fa1950 
2.1.0
Matej Habrnal fa1950

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation