busybox: fix busybox lock applet pidstr buffer overflow
author Qichao Zhang <njuzhangqichao@gmail.com>
Sun, 20 Mar 2022 01:43:22 +0000 (09:43 +0800)
committer Hauke Mehrtens <hauke@hauke-m.de>
Wed, 30 Mar 2022 16:33:38 +0000 (18:33 +0200)
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits), which will cause a buffer overflow in the busybox lock patch; this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
package/utils/busybox/patches/220-add_lock_util.patch

index 4e46b74f0e786b89c3a8cab5db90c3ea156fd3f3..623121b9fb9fd1913230424b217cc648a5fe32d2 100644 (file)
@@ -72,9 +72,9 @@
 +
 +static int do_lock(void)
 +{
-+      int pid;
++      pid_t pid;
 +      int flags;
-+      char pidstr[8];
++      char pidstr[12];
 +
 +      if ((fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0700)) < 0) {
 +              if ((fd = open(file, O_RDWR)) < 0) {
 +              if (!waitonly) {
 +                      lseek(fd, 0, SEEK_SET);
 +                      ftruncate(fd, 0);
-+                      sprintf(pidstr, "%d\n", pid);
++                      snprintf(sizeof(pidstr), pidstr, "%d\n", pid);
 +                      write(fd, pidstr, strlen(pidstr));
 +                      close(fd);
 +              }
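Review bot: the new snprintf call in do_lock() has its first two arguments swapped: `snprintf(sizeof(pidstr), pidstr, "%d\n", pid)` passes the size where the destination buffer belongs and the buffer where the size belongs. The standard prototype is snprintf(char *str, size_t size, const char *format, ...), so the line should read `snprintf(pidstr, sizeof(pidstr), "%d\n", pid);`. As written, the call depends on implicit integer/pointer conversions and does not bound the write to pidstr, which is the purpose of this change. Separately, pid is now a pid_t but is still formatted with "%d"; an explicit `(int)pid` cast would keep the format and argument types matched.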