author | daegeun.song <daegeun.song@lge.com> | 2015-04-22 11:31:29 +0900 |
---|---|---|
committer | daegeun.song <daegeun.song@lge.com> | 2015-04-23 08:05:14 +0900 |
commit | b03afb421def033e12ad1de4e0cb146e239fa301 (patch) | |
tree | 296daf2925bf738bfd81d6ba4e47ad65c6143a17 | |
parent | 9a6b9137db9cd00e1189322a5db5581cd67e2867 (diff) | |
download | extras-b03afb421def033e12ad1de4e0cb146e239fa301.tar.gz |
fix possible buffer overrun in librank
Use snprintf instead of sprintf and fclose() before return.
Change-Id: I2c367b2e7b943f4ed10551c18ecc971e6b830c66
Signed-off-by: Daegeun Song <daegeun.song@lge.com>
-rw-r--r-- | librank/librank.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/librank/librank.c b/librank/librank.c
index 2e3c3fc5..28322b9a 100644
--- a/librank/librank.c
+++ b/librank/librank.c
@@ -443,13 +443,20 @@ static void usage(char *myname) {
 }
 static int getprocname(pid_t pid, char *buf, size_t len) {
- char filename[20];
+ char filename[32];
 FILE *f;
- sprintf(filename, "/proc/%d/cmdline", pid);
+ snprintf(filename, sizeof(filename), "/proc/%d/cmdline", pid);
 f = fopen(filename, "r");
- if (!f) { *buf = '\0'; return 1; }
- if (!fgets(buf, len, f)) { *buf = '\0'; return 2; }
+ if (!f) {
+ *buf = '\0';
+ return 1;
+ }
+ if (!fgets(buf, len, f)) {
+ *buf = '\0';
+ fclose(f);
+ return 2;
+ }
 fclose(f);
 return 0;
 } |
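Review bot: Both error branches in getprocname still execute `*buf = '\0';` without looking at `len`, and `fgets(buf, len, f)` narrows the `size_t` to the `int` that fgets takes, so a zero or oversized `len` is not handled; whether any caller passes one is not visible in this hunk. A guard at the top of the function, `if (len == 0 || len > INT_MAX) return 1;`, would cover both cases (INT_MAX comes from `<limits.h>`; the file's include block is outside the hunk). The name read from `/proc/%d/cmdline` is also set by the target process itself, so I would add `/* cmdline is process-controlled: treat buf as untrusted text when printing */` above the `fopen` call.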