prepare_pstree: fixup reading kernel pid_max

Submitted by Kir Kolyshkin on Aug. 4, 2016, 1:04 a.m.

Details

Message ID 1470272641-29482-1-git-send-email-kir@openvz.org
State Rejected
Series "prepare_pstree: fixup reading kernel pid_max"

Commit Message

Kir Kolyshkin Aug. 4, 2016, 1:04 a.m.
Two fixes (reported by coverity) and a minor nitpick:

1. Fix checking error from open_proc().

2. Fix buffer overflow. MAX_ULONG can be 20 characters long, so
ret = read() can return 20 and buf[ret] = 0 will overrun the buf.
Make a buf one character longer (an extra byte for \0) and pass
sizeof(buf) - 1 to read to fix it.

3. Call close() right after read().

This is a fixup to commit e68bded.

Reported by Coverity, CID 168505, 168504.

Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
---
 criu/pstree.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


diff --git a/criu/pstree.c b/criu/pstree.c
index af89dbb..afc64dc 100644
--- a/criu/pstree.c
+++ b/criu/pstree.c
@@ -987,17 +987,17 @@  int prepare_pstree(void)
 	int ret;
 	pid_t pid_max = 0, kpid_max = 0;
 	int fd;
-	char buf[20];
+	char buf[21];
 
 	fd = open_proc(PROC_GEN, PID_MAX_PATH);
-	if (fd != 1) {
-		ret = read(fd, buf, sizeof(buf));
+	if (fd >= 0) {
+		ret = read(fd, buf, sizeof(buf) - 1);
+		close(fd);
 		if (ret > 0) {
 			buf[ret] = 0;
 			kpid_max = strtoul(buf, NULL, 10);
 			pr_debug("kernel pid_max=%d\n", kpid_max);
 		}
-		close (fd);
 	}
 
 	ret = read_pstree_image(&pid_max);
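
Review bot: In the if (ret > 0) branch, strtoul() is still called with a NULL end pointer and its unsigned long result is assigned to kpid_max, which is declared pid_t and printed with %d, so a malformed or out-of-range value is silently narrowed instead of being rejected. Consider passing an end pointer, checking errno and the range before the assignment, and logging when read() returns ret <= 0, since that path currently leaves kpid_max at 0 without any message. The new char buf[21] is also a magic number; a short comment (20 digits plus the terminating NUL) or a named constant would make the sizeof(buf) - 1 bound passed to read() easier to keep correct.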

Comments

Pavel Emelianov Aug. 10, 2016, 1 p.m.
Applied, thanks
Laurent Dufour Aug. 17, 2016, 10:03 a.m.
On 04/08/2016 03:04, Kir Kolyshkin wrote:
> Two fixes (reported by coverity) and a minor nitpick:
> 
> 1. Fix checking error from open_proc().
> 
> 2. Fix buffer overflow. MAX_ULONG can be 20 characters long, so
> ret = read() can return 20 and buf[ret] = 0 will overrun the buf.
> Make a buf one character longer (an extra byte for \0) and pass
> sizeof(buf) - 1 to read to fix it.

Thanks for fixing my mistakes!

Acked-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>