From 3f75d105b9405664f3db2958bdecf298ea15a5c2 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0026-skill: Fix double-increment of pid_count.

No need to "pid_count++;" because "ENLIST(pid," does it already. Right now this can trigger a heap-based buffer overflow. Also, remove the unneeded "pid_count = 0;" (it is static, and skillsnice_parse() is called only once; and the other *_count variables are not initialized explicitly either).
---
 skill.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/skill.c b/skill.c
index 16dc4e39..0f421d3b 100644
--- a/skill.c
+++ b/skill.c
@@ -429,8 +429,6 @@ static void parse_options(int argc,
 sig_or_pri = signo;
 }
- pid_count = 0;
-
 while ((ch = getopt_long(argc, argv, "c:dfilnp:Lt:u:vwhV", longopts, NULL)) != -1)
@@ -457,7 +455,6 @@ static void parse_options(int argc,
 ENLIST(pid, strtol_or_err(optarg, _("failed to parse argument")));
- pid_count++;
 break;
 case 'L':
 pretty_print_signals();
@@ -526,7 +523,6 @@ static void parse_options(int argc,
 num = strtol(argv[0], &end, 10);
 if (errno == 0 && argv[0] != end && end != NULL && *end == '\0') {
 ENLIST(pid, num);
- pid_count++;
 } else {
 ENLIST(cmd, argv[0]);
 }
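Review bot: Nothing at the `ENLIST(pid, ...)` call sites in the second and third hunks records that the macro itself advances pid_count, which is precisely the invariant the removed `pid_count++` lines violated and what let the count run past the allocated array; a one-line comment at the first call site, `/* ENLIST() grows the array and bumps pid_count; never increment it here */`, would make the contract visible where the next maintainer will look. The ENLIST definition and its capacity check are outside these hunks, so whether the remaining growth logic keeps count and capacity in step cannot be confirmed from this patch alone. The commit message refers to skillsnice_parse() while the hunk headers name parse_options(), presumably an older name for the same function, which is worth aligning so the one-call assumption behind dropping `pid_count = 0;` can be checked against the right symbol. parse_options() starts and ends outside all three hunks.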