Red Hat Bugzilla – Bug 125172
/sbin/init buffer overrun in argv
Last modified: 2014-03-16 22:45:55 EDT
When overwriting argv to change the process title, init is
overflowing the buffer by one byte. This was causing it to overwrite
the environment, making children of init lose the environment
variables from the kernel.
I'm attaching a patch that fixes the overflow for me, but I'd like to
point out that maxproclen is used in a way that also might be broken.
The comment says that it's supposed to count the length of argv, but
the length of any arguments is also added to it, and then a buffer of
that size starting from argv is zeroed. Is it really guaranteed
that the arguments passed in argv are consecutive in memory? I'm not
Created attachment 100824
don't overflow argv
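The two points raised in the report, a title write that leaves room for the terminating NUL and a length that counts only arguments actually consecutive in memory, as an added example. It is not the attached patch or sysvinit's code; `argv_region_len`, `set_title` and `demo_env_survives` are hypothetical names, and the argv/environment layout is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes, starting at argv[0], that are provably consecutive argument strings.
 * Counting stops at the first argument that does not begin right after the
 * previous one's NUL, so the result never spans memory we do not own. */
size_t argv_region_len(int argc, char **argv)
{
    size_t len = 0;
    for (int i = 0; i < argc && argv[i] != NULL; i++) {
        if (argv[i] != argv[0] + len)
            break;                       /* gap: arguments not consecutive */
        len += strlen(argv[i]) + 1;      /* string plus its NUL */
    }
    return len;
}

/* Zero the region, then copy at most region_len - 1 bytes of the title so the
 * last byte stays NUL. Copying region_len bytes, or writing the NUL at
 * region[region_len], is the one-byte overrun. Returns the bytes copied. */
size_t set_title(char *region, size_t region_len, const char *title)
{
    if (region == NULL || region_len == 0)
        return 0;
    size_t n = strlen(title);
    if (n > region_len - 1)
        n = region_len - 1;
    memset(region, 0, region_len);
    memcpy(region, title, n);
    return n;
}

/* Constructed layout: two arguments followed directly by one environment
 * string. Returns 1 if the environment string survives the title write. */
int demo_env_survives(const char *title)
{
    char stack[] = "init\0auto\0TERM=linux";
    char *argv[] = { stack, stack + 5, NULL };
    size_t len = argv_region_len(2, argv);          /* 10 bytes */
    set_title(stack, len, title);
    return stack[len - 1] == '\0' && strcmp(stack + len, "TERM=linux") == 0;
}

int main(void)
{
    printf("environment intact: %d\n", demo_env_survives("init [3] long title"));
    return 0;
}
```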
Added in 2.85-28, thanks!
Package name is now sysvinit in latest Fedora.