commit:     b5d34e577acb271cdc616b47b77569cb5577b9ef
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 01:55:49 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 01:55:49 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b5d34e57

pspax: fix buffer limiting in cmdline reading

The current scanf format tries to use "%s.1023" to limit reading to 1023
bytes, but that doesn't actually work -- the maximum field width is between
the "%" and the "s", so it should have been "%1023s".  This ends up working
anyways because the %s stops reading when it hits NUL or a space.  Normally
cmdline is NUL delimited which means argv[0] would have to be 1024+ bytes
in order to overflow this.  Or the process rewrote its cmdline settings such
that argv[0] was that long.  Certainly possible, but extremely unlikely.

Fix the scanf string to properly limit to 1023 bytes (+1 for the NUL).

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
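The field-width point in the message above, shown on a constructed over-long cmdline. This is an added example, not pspax code: `read_buggy()` uses the pre-fix format (where `.1023` is a literal suffix and `%s` is unbounded) and `read_fixed()` the corrected one, with the width generated from the same `NAME_LEN` macro that sizes the destination so the two cannot drift apart. `SCRATCH_LEN`, `ARGV0_LEN`, `NAME_LEN` and the 1500-byte argv[0] are assumptions of the example; `fmemopen()` is POSIX and stands in for the real `/proc/<pid>/cmdline` stream.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define NAME_LEN 1023          /* same limit as the commit: 1023 chars + NUL */
#define STR(x) #x
#define XSTR(x) STR(x)         /* turns NAME_LEN into the string "1023" */

enum { ARGV0_LEN = 1500, SCRATCH_LEN = 4096 };

/* Constructed input (not a real process): argv[0] is ARGV0_LEN 'A' bytes,
 * then the NUL that /proc/<pid>/cmdline places between arguments, then
 * "-v" with its own terminating NUL. Returns the total byte count. */
static size_t sample_cmdline(char *buf)
{
    size_t n = 0;
    memset(buf, 'A', ARGV0_LEN);
    n = ARGV0_LEN;
    buf[n++] = '\0';
    memcpy(buf + n, "-v", 3);
    n += 3;
    return n;
}

/* Pre-fix format: "%s.1023" is an unbounded %s followed by the literal
 * text ".1023". Reading into an oversized scratch buffer keeps this
 * memory-safe here; pspax's destination was 1024 bytes. Returns the
 * length of the name that was stored. */
static size_t read_buggy(const char *cmdline, size_t len)
{
    char dst[SCRATCH_LEN] = {0};
    FILE *fp = fmemopen((void *)cmdline, len, "r");
    if (fp == NULL)
        return 0;
    if (fscanf(fp, "%s.1023", dst) != 1) {
        fclose(fp);
        return 0;
    }
    fclose(fp);
    return strlen(dst);
}

/* Fixed format: the width sits between '%' and 's'. Building it from
 * NAME_LEN means the format and the buffer size share one definition. */
static size_t read_fixed(const char *cmdline, size_t len)
{
    char dst[NAME_LEN + 1] = {0};
    FILE *fp = fmemopen((void *)cmdline, len, "r");
    if (fp == NULL)
        return 0;
    if (fscanf(fp, "%" XSTR(NAME_LEN) "s", dst) != 1) {
        fclose(fp);
        return 0;
    }
    fclose(fp);
    return strlen(dst);
}

/* Convenience wrappers that run each reader over the constructed cmdline. */
size_t buggy_len(void)
{
    char buf[SCRATCH_LEN];
    size_t n = sample_cmdline(buf);
    return read_buggy(buf, n);
}

size_t fixed_len(void)
{
    char buf[SCRATCH_LEN];
    size_t n = sample_cmdline(buf);
    return read_fixed(buf, n);
}

int main(void)
{
    printf("\"%%s.1023\" stored %zu bytes (would overflow a 1024-byte buffer)\n",
           buggy_len());
    printf("\"%%1023s\"  stored %zu bytes\n", fixed_len());
    return 0;
}
```

Run it and the buggy reader reports 1500 stored bytes, i.e. the whole argv[0], while the fixed reader stops at 1023; the `.1023` suffix in the old format never acted as a bound because it is matched only after `%s` has already consumed the field.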

 pspax.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pspax.c b/pspax.c
index 81392b1..f1644a3 100644
--- a/pspax.c
+++ b/pspax.c
@@ -63,7 +63,7 @@ static const char *get_proc_name_cmdline(int pfd)
        if (fp == NULL)
                return NULL;
 
-       if (fscanf(fp, "%s.1023", str) != 1) {
+       if (fscanf(fp, "%1023s", str) != 1) {
                fclose(fp);
                return NULL;
        }
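Review bot: the new width in `"%1023s"` is a bare literal whose safety depends on `str` being at least 1024 bytes, and the declaration of `str` is outside this hunk, so nothing in the change ties the two together; consider deriving the width from the buffer size (a stringified macro shared with the declaration) or reading with `fgets(str, sizeof(str), fp)`, which is bounded by construction and, since cmdline is NUL-delimited, leaves `str` terminated at the end of argv[0]. Two existing behaviours worth a comment while here: `%s` stops at the first whitespace, so an argv[0] containing a space is cut at that space, and a name longer than 1023 bytes is now silently truncated rather than rejected.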
