[openwrt/openwrt] busybox: fix busybox lock applet pidstr buffer overflow
LEDE Commits
lede-commits at lists.infradead.org
Wed Mar 30 09:36:56 PDT 2022
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/34567750db2c3a84fc9f971189c223e2eefd93b0
commit 34567750db2c3a84fc9f971189c223e2eefd93b0
Author: Qichao Zhang <njuzhangqichao at gmail.com>
AuthorDate: Sun Mar 20 09:43:22 2022 +0800
busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao at gmail.com>
---
package/utils/busybox/patches/220-add_lock_util.patch | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/utils/busybox/patches/220-add_lock_util.patch b/package/utils/busybox/patches/220-add_lock_util.patch
index 4e46b74f0e..623121b9fb 100644
--- a/package/utils/busybox/patches/220-add_lock_util.patch
+++ b/package/utils/busybox/patches/220-add_lock_util.patch
@@ -72,9 +72,9 @@
+
+static int do_lock(void)
+{
-+ int pid;
++ pid_t pid;
+ int flags;
-+ char pidstr[8];
++ char pidstr[12];
+
+ if ((fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0700)) < 0) {
+ if ((fd = open(file, O_RDWR)) < 0) {
@@ -109,7 +109,7 @@
+ if (!waitonly) {
+ lseek(fd, 0, SEEK_SET);
+ ftruncate(fd, 0);
-+ sprintf(pidstr, "%d\n", pid);
++ snprintf(sizeof(pidstr), pidstr, "%d\n", pid);
+ write(fd, pidstr, strlen(pidstr));
+ close(fd);
+ }
More information about the lede-commits
mailing list