ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-01 00:45:28 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

busybox: fix busybox lock applet pidstr buffer overflow

Browse Source 
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
This commit is contained in:
Qichao Zhang 2022-03-20 09:43:22 +08:00 committed by Hauke Mehrtens
parent aee9ccf5c1
commit 34567750db
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/utils/busybox/patches/220-add_lock_util.patch
View File

@ -72,9 +72,9 @@
+ +
+static int do_lock(void) +static int do_lock(void)
+{ +{
+ int pid; + pid_t pid;
+ int flags; + int flags;
+ char pidstr[8]; + char pidstr[12];
+ +
+ if ((fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0700)) < 0) { + if ((fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0700)) < 0) {
+ if ((fd = open(file, O_RDWR)) < 0) { + if ((fd = open(file, O_RDWR)) < 0) {
@ -109,7 +109,7 @@
+ if (!waitonly) { + if (!waitonly) {
+ lseek(fd, 0, SEEK_SET); + lseek(fd, 0, SEEK_SET);
+ ftruncate(fd, 0); + ftruncate(fd, 0);
+ sprintf(pidstr, "%d\n", pid); + snprintf(sizeof(pidstr), pidstr, "%d\n", pid);
+ write(fd, pidstr, strlen(pidstr)); + write(fd, pidstr, strlen(pidstr));
+ close(fd); + close(fd);
+ } + }