40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
|
From: Thomas Renninger <trenn@suse.de>
|
||
|
|
Subject: Fix buffer overflow in add_event_handler read
|
||
|
|
References: bsc#1241567
|
||
|
|
Patch-Mainline: not yet
|
||
|
|
Git-commit: 46bed1b6845bcb560d760b4cacea7df67cd6d1fd
|
||
|
|
|
||
|
|
|
||
|
|
If the first read in ras-events.c:862 is successful, it will be tried
|
||
|
|
to read more out of the fd, without re-allocating more memory.
|
||
|
|
|
||
|
|
Submitted mainline:
|
||
|
|
https://github.com/mchehab/rasdaemon/pull/212
|
||
|
|
|
||
|
|
Signed-off-by: Thomas Renninger <trenn@suse.de>
|
||
|
|
|
||
|
|
|
||
|
|
Signed-off-by: <trenn@suse.de>
|
||
|
|
diff --git a/ras-events.c b/ras-events.c
|
||
|
|
index 6692a31..c7ee801 100644
|
||
|
|
--- a/ras-events.c
|
||
|
|
+++ b/ras-events.c
|
||
|
|
@@ -859,6 +859,17 @@ static int add_event_handler(struct ras_events *ras, struct tep_handle *pevent,
|
||
|
|
}
|
||
|
|
|
||
|
|
do {
|
||
|
|
+ if (size > 0) {
|
||
|
|
+ page = realloc(page, page_size + size);
|
||
|
|
+ if (!page) {
|
||
|
|
+ rc = -errno;
|
||
|
|
+ log(TERM, LOG_ERR,
|
||
|
|
+ "Can't reallocate page to read %s:%s"
|
||
|
|
+ " format\n", group, event);
|
||
|
|
+ close(fd);
|
||
|
|
+ return rc;
|
||
|
|
+ }
|
||
|
|
+ }
|
||
|
|
rc = read(fd, page + size, page_size);
|
||
|
|
if (rc < 0) {
|
||
|
|
log(TERM, LOG_ERR, "Can't get arch page size\n");
|