Blame SOURCES/0098-ccpp-check-for-overflow-in-abrt-coredump-path-creati.patch

a60cd7
From 28ce40d8db91c1926a95f21ef19a980a8af88471 Mon Sep 17 00:00:00 2001
a60cd7
From: Jakub Filak <jfilak@redhat.com>
a60cd7
Date: Fri, 17 Apr 2015 14:43:59 +0200
a60cd7
Subject: [ABRT PATCH] ccpp: check for overflow in abrt coredump path creation
a60cd7
a60cd7
This issue was discovered by Florian Weimer of Red Hat Product Security.
a60cd7
a60cd7
Signed-off-by: Jakub Filak <jfilak@redhat.com>
a60cd7
---
a60cd7
 src/hooks/abrt-hook-ccpp.c | 4 +++-
a60cd7
 1 file changed, 3 insertions(+), 1 deletion(-)
a60cd7
a60cd7
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
a60cd7
index d9f1f5e..81f9349 100644
a60cd7
--- a/src/hooks/abrt-hook-ccpp.c
a60cd7
+++ b/src/hooks/abrt-hook-ccpp.c
a60cd7
@@ -669,7 +669,9 @@ int main(int argc, char** argv)
a60cd7
          * and maybe crash again...
a60cd7
          * Unlike dirs, mere files are ignored by abrtd.
a60cd7
          */
a60cd7
-        snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash);
a60cd7
+        if (snprintf(path, sizeof(path), "%s/%s-coredump", g_settings_dump_location, last_slash) >= sizeof(path))
a60cd7
+            error_msg_and_die("Error saving '%s': truncated long file path", path);
a60cd7
+
a60cd7
         int abrt_core_fd = xopen3(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
a60cd7
         off_t core_size = copyfd_eof(STDIN_FILENO, abrt_core_fd, COPYFD_SPARSE);
a60cd7
         if (core_size < 0 || fsync(abrt_core_fd) != 0)
a60cd7
-- 
a60cd7
1.8.3.1
a60cd7