Red Hat Bugzilla – Bug 165167
RHEL4: buffer overflow detected in fuser
Last modified: 2007-11-30 17:07:19 EST
Description of problem:
I saw a message about a buffer overflow while my system was shutting down. I
couldn't collect the message so I had to look at the sources. There were no
_chk variants of the string functions used so it must have been the sprintf
call. Low and behold, there are a couple of problems. In kill_item (the
probably place of the message I saw) the buffer is too small for even a 5 digits
PID. We nowadays can have 7 digits or more. I looked through the code and
fixed a few more places which can cause problems. Patch is attached.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Don't know. Shut down system with many of the system processes (I guess it
was NFS/autofs related) having high >= 10000 PIDs.
no buffer overflow
Created attachment 117480 [details]
Patch to fix a few sprintf problems.
Fixed in FC4 and FC5.
The component this request has been filed against is not planned for inclusion
in the next update. The decision is based on weighting the priority and number
of requests for a component as well as the impact on the Red Hat Enterprise
Linux user-base: other components are considered having higher priority and the
number of changes we intend to include in update cycles is limited.
Product Management has reviewed and declined this request. You may appeal this
decision by reopening this request.