system-controller: stop a possible out-of-bounds write.
authorJan Ekström <jan.ekstrom@intel.com>
Thu, 6 Nov 2014 12:32:27 +0000 (14:32 +0200)
committerKrisztian Litkey <krisztian.litkey@intel.com>
Thu, 8 Jan 2015 16:37:19 +0000 (18:37 +0200)
Change-Id: Ia63c65c74aeb119097acdb4000c6b4bc153e7937

src/plugins/system-controller/wayland/glm-window-manager.c

index 922e1b0..74a0f1c 100644 (file)
@@ -3346,8 +3346,8 @@ static int32_t get_parent_pid(int32_t pid)
 static void get_binary_basename(int32_t pid, char *buf, int len)
 {
     int fd;
-    char path[256];
-    char cmdline[1024];
+    char path[PATH_MAX];
+    char cmdline[PATH_MAX];
     char *bnam;
     ssize_t size;
 
@@ -3367,7 +3367,12 @@ static void get_binary_basename(int32_t pid, char *buf, int len)
 
     close(fd);
 
-    cmdline[size] = 0;
+    /* If we read more than allocated, truncate */
+    if (size >= PATH_MAX)
+        cmdline[PATH_MAX - 1] = 0;
+    else
+        cmdline[size] = 0;
+
     bnam = basename(cmdline);
 
     strncpy(buf, bnam, len-1);
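Review bot: A failed read can still produce an out-of-bounds store, because the new test only covers `size >= PATH_MAX`; with `size == -1` the `else` branch executes `cmdline[size] = 0` and writes one byte before the array. The read call sits between the two hunks and is not visible here, so this may already be guarded. If it is not, clamp both ends and tie the bound to the array rather than repeating the constant from the declarations in the first hunk: `if (size < 0) size = 0;` then `if ((size_t)size >= sizeof(cmdline)) size = sizeof(cmdline) - 1;` then `cmdline[size] = 0;`. Separately, `strncpy(buf, bnam, len-1)` leaves `buf` unterminated when `bnam` is `len-1` bytes or longer, and `len-1` is negative for `len <= 0`. The function continues past the hunk, so confirm that a `buf[len-1] = 0` follows and that callers never pass a non-positive `len`.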