Bug 125172 - /sbin/init buffer overrun in argv[0]
Product: Fedora
Classification: Fedora
Component: sysvinit
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Bill Nottingham
David Lawrence
Blocks: ReadOnlyFS
Reported: 2004-06-03 08:46 EDT by Alexander Larsson
Modified: 2014-03-16 22:45 EDT

Fixed In Version: 2.85-28
Doc Type: Bug Fix
Last Closed: 2004-06-03 10:47:41 EDT

Attachments
don't overflow argv[0] (838 bytes, patch)
2004-06-03 08:49 EDT, Alexander Larsson

Description Alexander Larsson 2004-06-03 08:46:03 EDT
When overwriting argv[0] to change the process title, init is
overflowing the buffer by one byte. This was causing it to overwrite
the environment, making children of init lose the environment
variables from the kernel.

I'm attaching a patch that fixes the overflow for me, but I'd like to
point out that maxproclen is used in a way that also might be broken.
The comment says that it's supposed to count the length of argv[0], but
the length of any arguments are also added to it, and then a buffer of
that size starting from argv[0] is zeroed. Is it really guaranteed
that the arguments passed in argv[] are consecutive in memory? I'm not
Comment 1 Alexander Larsson 2004-06-03 08:49:41 EDT
Created attachment 100824
don't overflow argv[0]
Comment 2 Bill Nottingham 2004-06-03 10:47:41 EDT
Added in 2.85-28, thanks!
Comment 3 David Lawrence 2007-06-21 22:18:16 EDT
Package name is now sysvinit in latest Fedora.
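
An added illustration of the two points raised in the description, not sysvinit's code and not the attached patch: the title region is sized by walking argv[] only while the strings are actually adjacent, and the title write keeps its terminator inside that region so the environment string that follows is untouched. The names title_capacity, set_title and demo_env_intact, and the in-memory layout, are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Bytes usable for a title starting at argv[0]. Later arguments count only
 * while each starts right after the previous NUL (no contiguity assumed). */
size_t title_capacity(int argc, char **argv)
{
    char *end = argv[0] + strlen(argv[0]) + 1;
    for (int i = 1; i < argc; i++) {
        if (argv[i] != end) break;      /* gap: stop extending the region */
        end = argv[i] + strlen(argv[i]) + 1;
    }
    return (size_t)(end - argv[0]);
}

/* Bounded write: clear cap bytes, copy at most cap - 1, so the terminator
 * stays inside the region. Returns the number of title bytes stored. */
size_t set_title(char *dst, size_t cap, const char *title)
{
    size_t n = strlen(title);
    if (cap == 0) return 0;
    if (n > cap - 1) n = cap - 1;
    memset(dst, 0, cap);
    memcpy(dst, title, n);
    return n;
}

/* Constructed layout: two argv strings followed directly by one environment
 * string. Returns 1 if the environment string survives the title change. */
int demo_env_intact(int bounded)
{
    char mem[] = "init\0auto\0TERM=linux";
    char *argv[] = { mem, mem + 5 };
    size_t cap = title_capacity(2, argv);           /* 10 bytes */
    const char *title = "init [3] long title";
    if (bounded) {
        set_title(argv[0], cap, title);
    } else {                                        /* off-by-one pattern */
        memcpy(argv[0], title, cap);
        argv[0][cap] = '\0';                        /* lands on 'T' of TERM */
    }
    return strcmp(mem + 10, "TERM=linux") == 0;
}

int main(void)
{
    printf("bounded: %d, off-by-one: %d\n", demo_env_intact(1), demo_env_intact(0));
    return 0;
}
```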
