em/slstatus
1
0
Fork 0
Code Releases Activity

Fixed out of boundary write on long lines.

Browse Source 
The terminating nul character ('\0') could be written outside the boundary of
the buffer which is used to read characters. If "sizeof(buffer)" characters
are read, the resulting value must not be used as index, because that's an off
by one.

Read sizeof(buffer)-1 bytes instead.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This commit is contained in:
Tobias Stoeckmann 2017-04-02 13:12:03 +02:00
parent cceeec0efa
commit b1e7c40b21
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
slstatus.c
View File

@ -447,9 +447,9 @@ run_command(const char *cmd)
warn("Failed to get command output for %s", cmd); warn("Failed to get command output for %s", cmd);
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
} }
fgets(buf, sizeof(buf), fp); fgets(buf, sizeof(buf) - 1, fp);
pclose(fp); pclose(fp);
buf[sizeof(buf)] = '\0'; buf[sizeof(buf) - 1] = '\0';
if ((nlptr = strstr(buf, "\n")) != NULL) { if ((nlptr = strstr(buf, "\n")) != NULL) {
nlptr[0] = '\0'; nlptr[0] = '\0';
@ -473,7 +473,7 @@ swap_free(void)
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
} }
if ((bytes_read = fread(buf, sizeof(char), sizeof(buf), fp)) == 0) { if ((bytes_read = fread(buf, sizeof(char), sizeof(buf) - 1, fp)) == 0) {
warn("swap_free: read error"); warn("swap_free: read error");
fclose(fp); fclose(fp);
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
@ -510,7 +510,7 @@ swap_perc(void)
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
} }
if ((bytes_read = fread(buf, sizeof(char), sizeof(buf), fp)) == 0) { if ((bytes_read = fread(buf, sizeof(char), sizeof(buf) - 1, fp)) == 0) {
warn("swap_perc: read error"); warn("swap_perc: read error");
fclose(fp); fclose(fp);
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
@ -551,7 +551,7 @@ swap_total(void)
warn("Failed to open file /proc/meminfo"); warn("Failed to open file /proc/meminfo");
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
} }
if ((bytes_read = fread(buf, sizeof(char), sizeof(buf), fp)) == 0) { if ((bytes_read = fread(buf, sizeof(char), sizeof(buf) - 1, fp)) == 0) {
warn("swap_total: read error"); warn("swap_total: read error");
fclose(fp); fclose(fp);
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
@ -582,7 +582,7 @@ swap_used(void)
warn("Failed to open file /proc/meminfo"); warn("Failed to open file /proc/meminfo");
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);
} }
if ((bytes_read = fread(buf, sizeof(char), sizeof(buf), fp)) == 0) { if ((bytes_read = fread(buf, sizeof(char), sizeof(buf) - 1, fp)) == 0) {
warn("swap_used: read error"); warn("swap_used: read error");
fclose(fp); fclose(fp);
return smprintf("%s", UNKNOWN_STR); return smprintf("%s", UNKNOWN_STR);