Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Jul 2021 00:24:59 -0300
From: √Črico Nogueira <ericonr@...root.org>
To: musl@...ts.openwall.com
Cc: √Črico Nogueira <ericonr@...root.org>,
	Michael Forney <mforney@...rney.org>
Subject: [PATCH 1/2] fix error checking in pthread_getname_np

len is unsigned and can never be smaller than 0. though unlikely, an
error in read() would have lead to an out of bounds write to name.

Reported-by: Michael Forney <mforney@...rney.org>
---
 src/thread/pthread_getname_np.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/thread/pthread_getname_np.c b/src/thread/pthread_getname_np.c
index 48d1a294..85504e45 100644
--- a/src/thread/pthread_getname_np.c
+++ b/src/thread/pthread_getname_np.c
@@ -17,7 +17,7 @@ int pthread_getname_np(pthread_t thread, char *name, size_t len)
 
 	snprintf(f, sizeof f, "/proc/self/task/%d/comm", thread->tid);
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
-	if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) < 0) status = errno;
+	if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) == -1) status = errno;
 	else name[len-1] = 0; /* remove trailing new line only if successful */
 	if (fd >= 0) close(fd);
 	pthread_setcancelstate(cs, 0);
-- 
2.32.0

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.