Bug 125172

Summary: /sbin/init buffer overrun in argv[0]
Product: [Fedora] Fedora
Reporter: Alexander Larsson <alexl>
Component: sysvinit
Assignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 2
CC: rvokal
Hardware: All   
OS: Linux   
Fixed In Version: 2.85-28
Doc Type: Bug Fix
Last Closed: 2004-06-03 14:47:41 UTC
Bug Blocks: 124120    
Attachments: don't overflow argv[0] (flags: none)

Description Alexander Larsson 2004-06-03 12:46:03 UTC
When overwriting argv[0] to change the process title, init is
overflowing the buffer by one byte. This was causing it to overwrite
the environment, making children of init lose the environment
variables from the kernel.

I'm attaching a patch that fixes the overflow for me, but I'd like to
point out that maxproclen is used in a way that also might be broken.
The comment says that it's supposed to count the length of argv[0], but
the length of any arguments are also added to it, and then a buffer of
that size starting from argv[0] is zeroed. Is it really guaranteed
that the arguments passed in argv[] are consecutive in memory? I'm not
sure.
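
An added illustration of the two points raised in the description above (the one-byte overrun and the contiguity assumption); it is not part of the original report, the attached patch, or sysvinit's source. The names `title_capacity`, `set_title` and `demo_env_intact` and the sample memory layout are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Bytes usable for a process title starting at argv[0]. An argument is
 * counted (with its NUL) only if it begins exactly where the previous
 * one ended, so the result never assumes argv[] strings are contiguous. */
size_t title_capacity(int argc, char **argv)
{
    size_t cap = 0;
    char *expect = argv[0];

    for (int i = 0; i < argc && argv[i] == expect; i++) {
        size_t n = strlen(argv[i]) + 1;
        cap += n;
        expect = argv[i] + n;
    }
    return cap;
}

/* Zero the title area and copy in at most cap - 1 characters, so the
 * terminating NUL is the last byte of the area and area[cap] (the first
 * environment byte in the usual layout) is never written.
 * Returns the number of title characters stored. */
size_t set_title(char *area, size_t cap, const char *title)
{
    size_t n = strlen(title);

    if (cap == 0)
        return 0;
    if (n > cap - 1)
        n = cap - 1;
    memset(area, 0, cap);
    memcpy(area, title, n);
    return n;
}

/* Constructed layout: two arguments followed directly by an environment
 * string. Returns 1 if the environment survives an over-long title. */
int demo_env_intact(void)
{
    char mem[] = "init\0auto\0HOME=/";
    char *argv[] = { mem, mem + 5 };
    size_t cap = title_capacity(2, argv);

    set_title(mem, cap, "init [5] a title longer than the space");
    return cap == 10 && mem[cap - 1] == '\0' && mem[cap] == 'H';
}
int main(void) { return demo_env_intact() ? 0 : 1; }
```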

Comment 1 Alexander Larsson 2004-06-03 12:49:41 UTC
Created attachment 100824
don't overflow argv[0]

Comment 2 Bill Nottingham 2004-06-03 14:47:41 UTC
Added in 2.85-28, thanks!

Comment 3 David Lawrence 2007-06-22 02:18:16 UTC
Package name is now sysvinit in latest Fedora.