mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-09-05 08:45:49 +00:00
Code Issues Releases Wiki Activity

proc_parse: Copy into fixed size buffer (STRING_OVERFLOW)

Browse Source 
CID 226480 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
 You might overrun the 4096-character fixed-size string root_link.name by copying new->root without checking the length.

Signed-off-by: Adrian Reber <areber@redhat.com>
This commit is contained in:
Adrian Reber
2020-09-28 07:51:28 +00:00
committed by Andrei Vagin
parent 8645648235
commit 2ed16451b0
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
criu/proc_parse.c
View File

@@ -1372,6 +1372,10 @@ static int parse_mountinfo_ent(char *str, struct mount_info *new, char **fsname)
cure_path(new->root);
root_link.len = strlen(new->root);
if (root_link.len >= sizeof(root_link.name) - 1) {
pr_err("new root path (%s) exceeds %zu\n", new->root, sizeof(root_link.name));
goto err;
}
strcpy(root_link.name, new->root);
if (strip_deleted(&root_link)) {
strcpy(new->root, root_link.name);