0026-skill: Fix double-increment of pid_count.
No need to "pid_count++;" because "ENLIST(pid," does it already. Right now this can trigger a heap-based buffer overflow. Also, remove the unneeded "pid_count = 0;" (it is static, and skillsnice_parse() is called only once; and the other *_count variables are not initialized explicitly either).
This commit is contained in:
Qualys Security Advisory
-
committed by
Craig Small
parent
18efff2a1f
commit
3f75d105b9
4
skill.c
4
skill.c
@ -429,8 +429,6 @@ static void parse_options(int argc,
|
|||||||
sig_or_pri = signo;
|
sig_or_pri = signo;
|
||||||
}
|
}
|
||||||
|
|
||||||
pid_count = 0;
|
|
||||||
|
|
||||||
while ((ch =
|
while ((ch =
|
||||||
getopt_long(argc, argv, "c:dfilnp:Lt:u:vwhV", longopts,
|
getopt_long(argc, argv, "c:dfilnp:Lt:u:vwhV", longopts,
|
||||||
NULL)) != -1)
|
NULL)) != -1)
|
||||||
@ -457,7 +455,6 @@ static void parse_options(int argc,
|
|||||||
ENLIST(pid,
|
ENLIST(pid,
|
||||||
strtol_or_err(optarg,
|
strtol_or_err(optarg,
|
||||||
_("failed to parse argument")));
|
_("failed to parse argument")));
|
||||||
pid_count++;
|
|
||||||
break;
|
break;
|
||||||
case 'L':
|
case 'L':
|
||||||
pretty_print_signals();
|
pretty_print_signals();
|
||||||
@ -526,7 +523,6 @@ static void parse_options(int argc,
|
|||||||
num = strtol(argv[0], &end, 10);
|
num = strtol(argv[0], &end, 10);
|
||||||
if (errno == 0 && argv[0] != end && end != NULL && *end == '\0') {
|
if (errno == 0 && argv[0] != end && end != NULL && *end == '\0') {
|
||||||
ENLIST(pid, num);
|
ENLIST(pid, num);
|
||||||
pid_count++;
|
|
||||||
} else {
|
} else {
|
||||||
ENLIST(cmd, argv[0]);
|
ENLIST(cmd, argv[0]);
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user