From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrey Borzenkov Date: Sat, 05 Sep 2009 04:34:11 +0000 Subject: Re: [PATCH] fix buffer overflow in util_run_program() Message-Id: <200909050834.11329.arvidjaar@mail.ru> MIME-Version: 1 Content-Type: multipart/mixed; boundary="nextPart4191234.F5DDovRW3M" List-Id: References: <20090904195414.GS4363@florz.florz.dyndns.org> In-Reply-To: <20090904195414.GS4363@florz.florz.dyndns.org> To: linux-hotplug@vger.kernel.org --nextPart4191234.F5DDovRW3M Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On Saturday 05 of September 2009 08:25:01 Florian Zumbiehl wrote: > Hi, >=20 > > > diff --git a/libudev/libudev-util-private.c > > > b/libudev/libudev-util-private.c index 64203a8..c309945 100644 > > > --- a/libudev/libudev-util-private.c > > > +++ b/libudev/libudev-util-private.c > > > @@ -268,7 +268,7 @@ int util_run_program(struct udev *udev, const > > > char *command, char **envp, pid_t pid; > > > char arg[UTIL_PATH_SIZE]; > > > char program[UTIL_PATH_SIZE]; > > > - char *argv[(sizeof(arg) / 2) + 1]; > > > + char *argv[sizeof(arg) + 1]; > > > > Could you give example when this overflows? >=20 > UTIL_PATH_SIZE-1 spaces. >=20 Please try to understand what code you are fixing does. --nextPart4191234.F5DDovRW3M Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEABECAAYFAkqh6kMACgkQR6LMutpd94wzHwCgr68TlJz5g8x951JNKDgUkRR2 L/gAoL37qa+1S9ki+So5eyJwob43pN0m =cTPP -----END PGP SIGNATURE----- --nextPart4191234.F5DDovRW3M--