First Last Prev Next    This bug is not in your last search results.
Bug 125172 - /sbin/init buffer overrun in argv[0]
/sbin/init buffer overrun in argv[0]
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: sysvinit (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
:
Depends On:
Blocks: ReadOnlyFS
  Show dependency treegraph
 
Reported: 2004-06-03 08:46 EDT by Alexander Larsson
Modified: 2014-03-16 22:45 EDT (History)
1 user (show)

See Also:
Fixed In Version: 2.85-28
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-06-03 10:47:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
don't overflow argv[0] (838 bytes, patch)
2004-06-03 08:49 EDT, Alexander Larsson 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Alexander Larsson 2004-06-03 08:46:03 EDT 
When overwriting argv[0] to change the process title, init is
overflowing the buffer by one byte. This was causing it to overwrite
the environment, making children of init loose the environment
variables form the kernel.

I'm attaching a patch that fixes the overflow for me, but I'd like to
point out that maxproclen is used in a way that also might be broken.
The comment says that its supposed to count the length of argv[0], but
the length of any arguments are also added to it, and then a buffer of
that size starting from argv[0] is zeroed. Is it really guaranteed
that the arguments passed in argv[] are consecutive in memory? I'm not
sure.
Comment 1 Alexander Larsson 2004-06-03 08:49:41 EDT 
Created attachment 100824 [details]
don't overflow argv[0]
Comment 2 Bill Nottingham 2004-06-03 10:47:41 EDT 
Added in 2.85-28, thanks!
Comment 3 David Lawrence 2007-06-21 22:18:16 EDT 
Package name is now sysvinit in latest Fedora.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.