Description of problem: I saw a message about a buffer overflow while my system was shutting down. I couldn't collect the message so I had to look at the sources. There were no _chk variants of the string functions used so it must have been the sprintf call. Low and behold, there are a couple of problems. In kill_item (the probably place of the message I saw) the buffer is too small for even a 5 digits PID. We nowadays can have 7 digits or more. I looked through the code and fixed a few more places which can cause problems. Patch is attached. Version-Release number of selected component (if applicable): psmisc-21.5-4. How reproducible: Didn't try Steps to Reproduce: 1.Don't know. Shut down system with many of the system processes (I guess it was NFS/autofs related) having high >= 10000 PIDs. 2. 3. Actual results: buffer overflow Expected results: no buffer overflow Additional info:
Created attachment 117480 [details] Patch to fix a few sprintf problems.
Fixed in FC4 and FC5.
The component this request has been filed against is not planned for inclusion in the next update. The decision is based on weighting the priority and number of requests for a component as well as the impact on the Red Hat Enterprise Linux user-base: other components are considered having higher priority and the number of changes we intend to include in update cycles is limited.
Product Management has reviewed and declined this request. You may appeal this decision by reopening this request.