author: Mike Frysinger <vapier@gentoo.org> 2024-01-24 20:55:49 -0500
committer: Mike Frysinger <vapier@gentoo.org> 2024-01-24 20:55:49 -0500
commit: b5d34e577acb271cdc616b47b77569cb5577b9ef
tree: d1cdcd86428cdabfbed5d69cc20381cd8bbf6f73 /paxelf.c
parent: pspax: replace proc_fopen with fopenat_r
pspax: fix buffer limiting in cmdline reading
The current scanf format tries to use "%s.1023" to limit reading to 1023 bytes, but that doesn't actually work -- the maximum field width is between the "%" and the "s", so it should have been "%1023s". This ends up working anyways because the %s stops reading when it hits NUL or a space. Normally cmdline is NUL delimited which means argv[0] would have to be 1024+ bytes in order to overflow this. Or the process rewrote its cmdline settings such that argv[0] was that long. Certainly possible, but extremely unlikely.

Fix the scanf string to properly limit to 1023 bytes (+1 for the NUL).

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'paxelf.c')
0 files changed, 0 insertions, 0 deletions
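
The width placement described in the commit message, as an added example (not code from pax-utils): `sscanf` on a constructed in-memory string stands in for the cmdline read, and the function names, the 4096-byte scratch buffer and the sample token are assumptions. The scratch buffer is oversized on purpose so the effect of the old format can be measured without writing out of bounds.

```c
#include <stdio.h>
#include <string.h>

#define CMDLINE_BUF 1024 /* 1023 bytes + NUL, the limit named in the commit message */
#define SCRATCH 4096     /* assumption: oversized so the unbounded read stays in bounds */

/* Constructed sample: an argv[0] of `len` non-space bytes (len < SCRATCH). */
void make_token(char *dst, size_t len)
{
    memset(dst, 'A', len);
    dst[len] = '\0';
}

/* Pre-fix format: "%s" carries no width, and ".1023" is only literal text
 * that scanf tries to match after the conversion has already stored data. */
size_t stored_len_old(const char *in)
{
    char out[SCRATCH] = "";
    if (strlen(in) >= SCRATCH)
        return 0; /* refuse input the scratch buffer could not hold */
    if (sscanf(in, "%s.1023", out) != 1)
        return 0;
    return strlen(out);
}

/* Fixed format: the maximum field width sits between '%' and 's'. */
size_t stored_len_fixed(const char *in)
{
    char out[CMDLINE_BUF] = "";
    if (sscanf(in, "%1023s", out) != 1)
        return 0;
    return strlen(out);
}

int main(void)
{
    char in[SCRATCH];
    make_token(in, 2000); /* longer than the 1024-byte buffer */
    printf("old format stored   %zu bytes\n", stored_len_old(in));
    printf("fixed format stored %zu bytes\n", stored_len_fixed(in));
    return 0;
}
```

With the old format the number of bytes stored tracks the input token, so a 1024-byte destination is only safe while argv[0] stays short; the fixed format caps the store at 1023 bytes plus the NUL regardless of input.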