0006-pgrep: Initialize the cmd*[] stack buffers.

Otherwise (for example), if the (undocumented) opt_echo is set, but not
opt_long, and not opt_longlong, and not opt_pattern, there is a call to
xstrdup(cmdoutput) but cmdoutput was never initialized:

sleep 60 & echo "$!" > pidfile
env -i LD_DEBUG=`perl -e 'print "A" x 131000'` pkill -e -c -F pidfile | xxd
...
000001c0: 4141 4141 4141 4141 4141 4141 4141 4141  AAAAAAAAAAAAAAAA
000001d0: 4141 4141 4141 4141 fcd4 e6bd e47f 206b  AAAAAAAA...... k
000001e0: 696c 6c65 6420 2870 6964 2031 3230 3931  illed (pid 12091
000001f0: 290a 310a                                ).1.
[1]+  Terminated              sleep 60

(the LD_DEBUG is just a trick to fill the initial stack with non-null
bytes, to show that there is uninitialized data from the stack in the
output; here, an address "fcd4 e6bd e47f")
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent ac85587773
commit 8e6d11a928

View File

@ -492,8 +492,8 @@ static struct el * select_procs (int *num)
regex_t *preg; regex_t *preg;
pid_t myself = getpid(); pid_t myself = getpid();
struct el *list = NULL; struct el *list = NULL;
char cmdsearch[CMDSTRSIZE]; char cmdsearch[CMDSTRSIZE] = "";
char cmdoutput[CMDSTRSIZE]; char cmdoutput[CMDSTRSIZE] = "";
char *task_cmdline; char *task_cmdline;
enum pids_fetch_type which; enum pids_fetch_type which;