Bug 1214749
| Summary: | libreport: harden against long path names | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Florian Weimer <fweimer> |
| Component: | libreport | Assignee: | Jakub Filak <jfilak> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.1 | CC: | jberan, jfilak, mkyral |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-07-07 10:25:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1211224, 1214172 | ||
> Note that this code will likely go away if bug 1214745 is fixed ...
Thanks, we will go this way, so the static allocations will disappear.
Closing as WONTFIX per comment #2 (the affected code will be completely replaced). |
In src/lib/dump_dir.c, there are several places where names are allocated on the stack, either as fixed-sized buffers or with VLAs: static const char *dd_check(struct dump_dir *dd) { unsigned dirname_len = strlen(dd->dd_dirname); char filename_buf[FILENAME_MAX+1]; strcpy(filename_buf, dd->dd_dirname); strcpy(filename_buf + dirname_len, "/"FILENAME_TIME); static int dd_lock(struct dump_dir *dd, unsigned sleep_usec, int flags) { … unsigned dirname_len = strlen(dd->dd_dirname); char lock_buf[dirname_len + sizeof("/.lock")]; strcpy(lock_buf, dd->dd_dirname); strcpy(lock_buf + dirname_len, "/.lock"); These should be changed to use heap allocations instead, perhaps with the help of concat_path_file. Note that this code will likely go away if bug 1214745 is fixed because there is less need for path name construction (in this context, concat_path_file is pretty much an anti-pattern, except if used in error messages).