+++ This bug was initially created as a clone of Bug #165167 +++ Description of problem: I saw a message about a buffer overflow while my system was shutting down. I couldn't collect the message so I had to look at the sources. There were no _chk variants of the string functions used so it must have been the sprintf call. Low and behold, there are a couple of problems. In kill_item (the probably place of the message I saw) the buffer is too small for even a 5 digits PID. We nowadays can have 7 digits or more. I looked through the code and fixed a few more places which can cause problems. Patch is attached. Version-Release number of selected component (if applicable): psmisc-21.5-4. How reproducible: Didn't try Steps to Reproduce: 1.Don't know. Shut down system with many of the system processes (I guess it was NFS/autofs related) having high >= 10000 PIDs. 2. 3. Actual results: buffer overflow Expected results: no buffer overflow Additional info: -- Additional comment from drepper on 2005-08-04 16:09 EST -- Created an attachment (id=117480) Patch to fix a few sprintf problems. -- Additional comment from kzak on 2005-09-08 08:13 EST -- Fixed in FC4 and FC5. -- Additional comment from kzak on 2005-09-08 08:17 EST -- The report is valid for RHEL3 and RHEL4 too.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0394.html