From: Thomas Renninger <trenn@suse.de>
Subject: Fix buffer overflow in add_event_handler read
References: bsc#1241567
Patch-Mainline: not yet
Git-commit: 46bed1b6845bcb560d760b4cacea7df67cd6d1fd


If the first read in ras-events.c:862 is successful, it will be tried
to read more out of the fd, without re-allocating more memory.

Submitted mainline:
https://github.com/mchehab/rasdaemon/pull/212

Signed-off-by: Thomas Renninger <trenn@suse.de>


Signed-off-by:  <trenn@suse.de>
diff --git a/ras-events.c b/ras-events.c
index 6692a31..c7ee801 100644
--- a/ras-events.c
+++ b/ras-events.c
@@ -859,6 +859,17 @@ static int add_event_handler(struct ras_events *ras, struct tep_handle *pevent,
 	}
 
 	do {
+		if (size > 0) {
+			page = realloc(page, page_size + size);
+                        if (!page) {
+				rc = -errno;
+				log(TERM, LOG_ERR,
+				    "Can't reallocate page to read %s:%s"
+				    " format\n", group, event);
+				close(fd);
+				return rc;
+                        }
+                }
 		rc = read(fd, page + size, page_size);
 		if (rc < 0) {
 			log(TERM, LOG_ERR, "Can't get arch page size\n");