setproctitle: fix out of boundary access - openslx/kernel-qcow2-util-linux.git

diff options

author	Tobias Stoeckmann	2017-09-25 21:55:34 +0200
committer	Karel Zak	2017-09-26 12:04:41 +0200
commit	c7f87da2ba6b1e0bfcd3a41737483100010778d4 (patch)
tree	3ceed6ce3a6e5ea7485ea871e2bd5f96dbfec985 /disk-utils
parent	login: fix signal race (diff)
download	kernel-qcow2-util-linux-c7f87da2ba6b1e0bfcd3a41737483100010778d4.tar.gz kernel-qcow2-util-linux-c7f87da2ba6b1e0bfcd3a41737483100010778d4.tar.xz kernel-qcow2-util-linux-c7f87da2ba6b1e0bfcd3a41737483100010778d4.zip

setproctitle: fix out of boundary access

A program using setproctitle can trigger an out of boundary access if an attacker was able to clear the environment before execution. The check in setproctitle prevents overflows, but does not take into account that the whole length of the arguments could be 1, which is possible by supplying such a program name to execlp(3) or using a symbolic link, e.g. argv[0] = "l", argv[1] = NULL. Only login uses setproctitle, which is not affected by this problem due to initializing the environment right before the call.

Diffstat (limited to 'disk-utils')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: