Learn more about these different git repos.
Other Git URLs
char buf[BUFSIZE]; ... while ((ret = read(fd, buf, BUFSIZE)) != 0) { if (ret == -1) { error = errno; if (error == EINTR || error == EAGAIN) { continue; } DEBUG(1, ("read failed [%d][%s].\n", error, strerror(error))); goto fail_fd; } }
It's theoretically possible for {{{read()}}} to overrun BUFSIZE here (though it's incredibly unlikely, since we're reading from /proc, so the only way to exploit this file would be a kernel exploit)
This should be rewritten to shrink the request BUFSIZE on subsequent passes to read(). We also need to add an explicit NULL-terminator.
Also, note that buf isn't being advanced after a partial read, so it could be overwriting buf.
We should create a common sss_read() function somewhere that handles reading in a safe way, always.
Fields changed
blockedby: => blocking: => milestone: NEEDS_TRIAGE => SSSD 1.9.0 NEEDS_TRIAGE
"Nice to have" for 1.9.
milestone: SSSD 1.9.0 NEEDS_TRIAGE => SSSD 1.9.0
rhbz: => 0
feature_milestone: => keywords: Coverity => Coverity easyfix
Fixed by 9d7d445
milestone: SSSD 1.9.0 => SSSD 1.9.0 beta 1 resolution: => fixed status: new => closed
Metadata Update from @sgallagh: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.0 beta 1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2156
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.