|
 |
fa19501 |
From 3d9e235072f6d219181a12b003112d5315544649 Mon Sep 17 00:00:00 2001
|
|
|
fa19501 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
fa19501 |
Date: Fri, 17 Apr 2015 14:43:59 +0200
|
|
|
fa19501 |
Subject: [PATCH] ccpp: check for overflow in abrt coredump path creation
|
|
|
fa19501 |
|
|
|
fa19501 |
This issue was discovered by Florian Weimer of Red Hat Product Security.
|
|
|
fa19501 |
|
|
|
fa19501 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
fa19501 |
---
|
|
|
fa19501 |
src/hooks/abrt-hook-ccpp.c | 4 +++-
|
|
|
fa19501 |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
fa19501 |
|
|
|
fa19501 |
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
|
|
|
fa19501 |
index 92413e3..53700e4 100644
|
|
|
fa19501 |
--- a/src/hooks/abrt-hook-ccpp.c
|
|
|
fa19501 |
+++ b/src/hooks/abrt-hook-ccpp.c
|
|
|
fa19501 |
@@ -592,7 +592,9 @@ int main(int argc, char** argv)
|
|
|
fa19501 |
* and maybe crash again...
|
|
|
fa19501 |
* Unlike dirs, mere files are ignored by abrtd.
|
|
|
fa19501 |
*/
|
|
|
fa19501 |
- snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash);
|
|
|
fa19501 |
+ if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
|
|
|
fa19501 |
+ error_msg_and_die("Error saving '%s': truncated long file path", path);
|
|
|
fa19501 |
+
|
|
|
fa19501 |
int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
|
|
fa19501 |
off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
|
|
|
fa19501 |
if (core_size < 0 || fsync(abrt_core_fd) != 0)
|
|
|
fa19501 |
--
|
|
|
fa19501 |
2.1.0
|
|
|
fa19501 |
|