possible fix for buffer overrun

koolkt / procname

Automatically exported from code.google.com/p/procname

0 stars 0 forks source link

possible fix for buffer overrun #3

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

Line 49 of procnamemodule.c line 49 is:

strncpy(argv[0], name , strlen(name));

For a really long name this risks overwriting other arguments. It seems
safer to do:

strncpy(argv[0], name , strlen(argv[0]));

Original issue reported on code.google.com by hroeh...@gmail.com on 10 Dec 2008 at 6:17

GoogleCodeExporter commented 9 years ago

I think the name should have 16 bytes max, respecting the PR_SET_NAME option in 
the
prctl() call:

http://manpages.courier-mta.org/htmlman2/prctl.2.html

Original comment by fernandezm on 5 Apr 2009 at 8:16