+++ This bug was initially created as a clone of Bug #165167 +++
Description of problem:
I saw a message about a buffer overflow while my system was shutting down. I
couldn't collect the message so I had to look at the sources. There were no
_chk variants of the string functions used so it must have been the sprintf
call. Low and behold, there are a couple of problems. In kill_item (the
probably place of the message I saw) the buffer is too small for even a 5 digits
PID. We nowadays can have 7 digits or more. I looked through the code and
fixed a few more places which can cause problems. Patch is attached.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Don't know. Shut down system with many of the system processes (I guess it
was NFS/autofs related) having high >= 10000 PIDs.
no buffer overflow
-- Additional comment from firstname.lastname@example.org on 2005-08-04 16:09 EST --
Created an attachment (id=117480)
Patch to fix a few sprintf problems.
-- Additional comment from email@example.com on 2005-09-08 08:13 EST --
Fixed in FC4 and FC5.
-- Additional comment from firstname.lastname@example.org on 2005-09-08 08:17 EST --
The report is valid for RHEL3 and RHEL4 too.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.