author | Jan Kratochvil <jan.kratochvil@redhat.com> | 2007-09-02 14:04:31 +0000 |
---|---|---|
committer | Jan Kratochvil <jan.kratochvil@redhat.com> | 2007-09-02 14:04:31 +0000 |
commit | d99148ef7338d24780a2ca8eed4ee228bcb1d4af (patch) | |
tree | 38339f182dfbc199e7f2ae6c4c6d5d3d444e9e91 | |
parent | 4cf31eea6a6bec860ad6605dac92b53c69d1bb4e (diff) | |
* linux-nat.c (linux_nat_make_corefile_notes): Fixed a buffer overflow.
-rw-r--r-- | gdb/ChangeLog | 4 | ||||
-rw-r--r-- | gdb/linux-nat.c | 17 |
2 files changed, 18 insertions, 3 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index c2fbbba..d1777a0 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,7 @@
+2007-09-02 Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ * linux-nat.c (linux_nat_make_corefile_notes): Fixed a buffer overflow.
+
 2007-09-01 Jan Kratochvil <jan.kratochvil@redhat.com>
 * Makefile.in (symfile.o): Update dependencies.
diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index 128e83f..90b8a3b 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -2686,7 +2686,9 @@ linux_nat_make_corefile_notes (bfd *obfd, int *note_size)
 {
 struct linux_nat_corefile_thread_data thread_args;
 struct cleanup *old_chain;
+ /* The variable size must be >= sizeof (prpsinfo_t.pr_fname). */
 char fname[16] = { '\0' };
+ /* The variable size must be >= sizeof (prpsinfo_t.pr_psargs). */
 char psargs[80] = { '\0' };
 char *note_data = NULL;
 ptid_t current_ptid = inferior_ptid;
@@ -2699,9 +2701,18 @@ linux_nat_make_corefile_notes (bfd *obfd, int *note_size)
 strncpy (psargs, get_exec_file (0), sizeof (psargs));
 if (get_inferior_args ())
 {
- strncat (psargs, " ", sizeof (psargs) - strlen (psargs));
- strncat (psargs, get_inferior_args (),
- sizeof (psargs) - strlen (psargs));
+ char *string_end;
+ char *psargs_end = psargs + sizeof (psargs);
+
+ /* linux_elfcore_write_prpsinfo () handles zero unterminated
+ strings fine. */
+ string_end = memchr (psargs, 0, sizeof (psargs));
+ if (string_end != NULL)
+ {
+ *string_end++ = ' ';
+ strncpy (string_end, get_inferior_args (),
+ psargs_end - string_end);
+ }
 }
 note_data = (char *) elfcore_write_prpsinfo (obfd, note_data, |
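Review bot: The two comments added above `char fname[16]` and `char psargs[80]` state a minimum size that nothing enforces, so a later edit to either literal, or a platform with a larger prpsinfo layout, could silently bring back an out-of-bounds read. They also do not say why the bound is a minimum; judging from the second hunk, the buffers can be passed on without a terminating NUL, so the consumer presumably reads a fixed number of bytes from them. I would say so in the comment, e.g. `/* May be passed on without a terminating NUL, so must be >= sizeof (prpsinfo_t.pr_psargs).  */`, and, if the prpsinfo type is visible in this file, back it with a size assertion. The function body continues outside the hunk.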
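Review bot: After this change `psargs` can reach `elfcore_write_prpsinfo` without a terminating NUL, either because the first `strncpy` filled all of `sizeof (psargs)` or because the appended arguments ran up to `psargs_end`. The only record of that contract is a comment naming `linux_elfcore_write_prpsinfo ()`, which is not the function called in the context line below it. The arithmetic itself holds up: `memchr` bounds the search to the buffer, and `psargs_end - string_end` is zero rather than negative when the NUL was in the last byte. I would reword the comment to something like `/* psargs may be left without a terminating NUL; elfcore_write_prpsinfo () must only read it with a length bound.  */` after confirming that against the BFD implementation, and keep any later use of `psargs` in this function away from `strlen` or `%s`. The enclosing block starts and ends outside the hunk.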