author | Qualys Security Advisory <qsa@qualys.com> | 1970-01-01 00:00:00 +0000 |
---|---|---|
committer | Craig Small <csmall@enc.com.au> | 2018-06-23 21:59:14 +1000 |
commit | 8e6d11a928f8f6654a18f3f50b7203a0fa82665a (patch) | |
tree | fd2b87192e19f38da6ed43f8de6d07c6f7cfee38 /pgrep.c | |
parent | ac855877738e94cf1c9dd1a6a15ac7c0d06cf5db (diff) | |
download | procps-ng-8e6d11a928f8f6654a18f3f50b7203a0fa82665a.tar.gz |
0006-pgrep: Initialize the cmd*[] stack buffers.
Otherwise (for example), if the (undocumented) opt_echo is set, but not
opt_long, and not opt_longlong, and not opt_pattern, there is a call to
xstrdup(cmdoutput) but cmdoutput was never initialized:
sleep 60 & echo "$!" > pidfile
env -i LD_DEBUG=`perl -e 'print "A" x 131000'` pkill -e -c -F pidfile | xxd
...
000001c0: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
000001d0: 4141 4141 4141 4141 fcd4 e6bd e47f 206b AAAAAAAA...... k
000001e0: 696c 6c65 6420 2870 6964 2031 3230 3931 illed (pid 12091
000001f0: 290a 310a ).1.
[1]+ Terminated sleep 60
(the LD_DEBUG is just a trick to fill the initial stack with non-null
bytes, to show that there is uninitialized data from the stack in the
output; here, an address "fcd4 e6bd e47f")
Diffstat (limited to 'pgrep.c')
-rw-r--r-- | pgrep.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -492,8 +492,8 @@ static struct el * select_procs (int *num) regex_t *preg; pid_t myself = getpid(); struct el *list = NULL; - char cmdsearch[CMDSTRSIZE]; - char cmdoutput[CMDSTRSIZE]; + char cmdsearch[CMDSTRSIZE] = ""; + char cmdoutput[CMDSTRSIZE] = ""; char *task_cmdline; enum pids_fetch_type which; |
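Review bot: the two `= ""` initializers close the uninitialized read, but the declaration gives no hint that they are load-bearing for the opt_echo-without-opt_long/opt_longlong/opt_pattern path described in the commit message, so a later cleanup could drop them without anything failing at compile time; a short comment at the declaration (e.g. `/* zero-filled: xstrdup(cmdoutput) below may run before any branch writes it */`) would guard against that. Worth noting in the same place that `= ""` zero-fills all CMDSTRSIZE bytes, not only the first, so no extra memset is needed. With this change the `-e` output in the uncovered combination becomes an empty string rather than stack contents; if the intent is for `-e` to print the command, the branch that selects what goes into cmdoutput would also need a fallback (for instance copying task_cmdline), which this hunk does not address.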