Hi! I created a patch that increases the buffer size as suggested and includes a check whether p is zero.
Best regards, Philipp Spitzer
diff -u qps-1.9.18.6/debian/changelog qps-1.9.18.6/debian/changelog --- qps-1.9.18.6/debian/changelog +++ qps-1.9.18.6/debian/changelog @@ -1,3 +1,12 @@ +qps (1.9.18.6-2.3) unstable; urgency=low + + * Non-maintainer upload. + * Increased the buffer size like suggested by Wolfgang Weisselberg in the + bug report and closed a potential buffer overflow risk (also pointed out + at the bug report). Closes: #527444 + + -- Philipp Spitzer <philipp+deb...@spitzer.priv.at> Mon, 30 Nov 2009 19:42:18 +0100 + qps (1.9.18.6-2.2) unstable; urgency=low * Non-maintainer upload. only in patch2: unchanged: --- qps-1.9.18.6.orig/proc_linux.cpp +++ qps-1.9.18.6/proc_linux.cpp @@ -666,7 +666,7 @@ void Procinfo::read_common() { char path[80]; - char buf[4096 + 1]; + char buf[16384 + 1]; char *p; int n; @@ -797,7 +797,12 @@ // cpu_time(CPUTIME_IDLE) incorrectly, since it doesn't take the number of // cpus into account. This is fixed in 2.1.x kernels, and since 2.0.x // is rather old (and unsuited for SMP anyway) we don't work around it. - p = strstr(buf, "btime") + 6; + p = strstr(buf, "btime "); + if (!p) { + fprintf(stderr, "Error reading btime\n"); + abort(); + } + p += 6; // length("btime ") sscanf(p, "%lu", &boot_time); }
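Review bot: in the debian/changelog hunk, "closed a potential buffer overflow risk" does not match what the proc_linux.cpp change actually does. The old `p = strstr(buf, "btime") + 6;` added 6 to a NULL pointer whenever "btime" was absent from buf and then handed that pointer to sscanf; the new check avoids a NULL pointer dereference, not an overflow, while the larger buffer addresses truncation of the data read into buf. Suggest rewording the entry along the lines of "avoid a NULL pointer dereference when btime is not found in the buffer" so the changelog describes the fix accurately, and "like suggested" should read "as suggested".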
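Review bot: in the first proc_linux.cpp hunk, replacing `char buf[4096 + 1];` with `char buf[16384 + 1];` only moves the truncation threshold; the btime field read here comes from /proc/stat, which gains one line per CPU, so a fixed cap can be exceeded again on larger machines. The hunk does not show the read that fills buf, so please confirm that the read is bounded by `sizeof(buf) - 1` (rather than a repeated literal) and that buf is NUL-terminated before `strstr` runs, since strstr requires a terminated string. Given that this is C++, reading the file into a std::string (or a grow-on-demand loop) would remove the cap entirely and make the size constant unnecessary.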
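Review bot: in the second proc_linux.cpp hunk, calling `abort()` when "btime " is missing is a disproportionate response for a process viewer, and it dumps core on what is a data problem rather than a programming error; consider setting boot_time to 0 (or leaving it unchanged) and returning after the `fprintf`, so the rest of read_common() still completes. The result of `sscanf(p, "%lu", &boot_time);` is also unchecked, so a "btime " field not followed by a number leaves boot_time unset without any diagnostic; suggest `if (sscanf(p, "%lu", &boot_time) != 1)` with the same error path. The NULL check itself is the right fix: the old `strstr(buf, "btime") + 6` performed pointer arithmetic on NULL when the field was absent, and searching for "btime " with the trailing space ensures that `p += 6` lands on the value rather than in the middle of an unrelated token.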