From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrey Borzenkov Date: Sat, 05 Sep 2009 03:29:33 +0000 Subject: Re: [PATCH] fix buffer overflow in util_run_program() Message-Id: <200909050729.33828.arvidjaar@mail.ru> MIME-Version: 1 Content-Type: multipart/mixed; boundary="nextPart2416090.WJFJKKJZtL" List-Id: References: <20090904195414.GS4363@florz.florz.dyndns.org> In-Reply-To: <20090904195414.GS4363@florz.florz.dyndns.org> To: linux-hotplug@vger.kernel.org --nextPart2416090.WJFJKKJZtL Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On Friday 04 of September 2009 23:54:14 Florian Zumbiehl wrote: > Hi, >=20 > ... >=20 > Reading your high-quality code starts getting a bit boring, so I > guess that I won't waste any more of your valuable time for now, > except for finishing the threads I started. >=20 > Florian >=20 > diff --git a/libudev/libudev-util-private.c > b/libudev/libudev-util-private.c index 64203a8..c309945 100644 > --- a/libudev/libudev-util-private.c > +++ b/libudev/libudev-util-private.c > @@ -268,7 +268,7 @@ int util_run_program(struct udev *udev, const > char *command, char **envp, pid_t pid; > char arg[UTIL_PATH_SIZE]; > char program[UTIL_PATH_SIZE]; > - char *argv[(sizeof(arg) / 2) + 1]; > + char *argv[sizeof(arg) + 1]; Could you give example when this overflows? --nextPart2416090.WJFJKKJZtL Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEABECAAYFAkqh2x0ACgkQR6LMutpd94w4rQCdHrx7mtvY6ERB9b+79ljoAkUZ CW4AniPeSjEqsVE1dtDNsCAalJIfPQJo =q9ua -----END PGP SIGNATURE----- --nextPart2416090.WJFJKKJZtL--