This repository has been archived by the owner on Apr 25, 2022. It is now read-only.

Merge remote-tracking branch 'mrc0mmand/fix-buffer-overflow'
mrc0mmand committed Feb 21, 2022
2 parents 7aa2c1d + c29e0be commit 758bf76
Showing 2 changed files with 11 additions and 1 deletion.
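--- a/src/dfuzzer.c
+++ b/src/dfuzzer.c
@@ -918,7 +918,7 @@ int df_get_pid(const GDBusConnection *dcon)
 */
 void df_print_process_info(int pid)
 {
-char proc_path[20]; // "/proc/(max5chars)/[exe|cmdline]"
+char proc_path[15+DECIMAL_STR_MAX(int)]; // "/proc/(int)/[exe|cmdline]"
 char name[PATH_MAX]; // for storing process and package name
 char buf[PATH_MAX + MAXLEN]; // buffer for rpm/dpkg request
 FILE *fp;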
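Review bot: The bare `15` in the new `proc_path` declaration is an unexplained constant that has to be kept in step with the longest path suffix by hand. Writing it as `char proc_path[sizeof("/proc//cmdline") + DECIMAL_STR_MAX(int)];` yields the same size and shows where the number comes from. The statement that formats into `proc_path` is outside this hunk, so I cannot tell whether it is bounded. If it is a plain `sprintf`, a `snprintf(proc_path, sizeof(proc_path), ...)` with a truncation check would keep a later path change from reintroducing the overflow. The body of df_print_process_info continues past the end of the hunk.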
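--- a/src/dfuzzer.h
+++ b/src/dfuzzer.h
@@ -35,6 +35,16 @@
 /** Maximum length of strings containing D-Bus name, interface and object path */
 #define MAXLEN 256
 
+/* Returns the number of chars needed to format variables of the
+* specified type as a decimal string. Adds in extra space for a
+* negative '-' prefix (hence works correctly on signed
+* types). Includes space for the trailing NUL. */
+#define DECIMAL_STR_MAX(type) \
+(2U+(sizeof(type) <= 1 ? 3U : \
+sizeof(type) <= 2 ? 5U : \
+sizeof(type) <= 4 ? 10U : \
+sizeof(type) <= 8 ? 20U : sizeof(int[-2*(sizeof(type) > 8)])))
+
 /** Structure containing D-Bus name, object path and interface of process. */
 struct fuzzing_target {
 /* names on D-Bus have the most MAXLEN characters */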
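Review bot: The last arm of `DECIMAL_STR_MAX`, `sizeof(int[-2*(sizeof(type) > 8)])`, is a deliberate compile-time rejection of types wider than 8 bytes, but the comment above the macro does not say so. A reader meeting the negative array size will not know it is intentional. I would add a line such as `Types wider than 64 bits fail to compile: the final arm declares a negative-size array.` to that comment. The comment also opens with `/*`, whereas the neighbouring declarations in this header use the `/** ... */` form, so matching that would keep the macro in the generated documentation. Because the result already includes the sign and the trailing NUL, callers that add their own `+1` over-allocate harmlessly; stating that in the comment would stop people second-guessing the arithmetic.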
