summaryrefslogtreecommitdiff
path: root/sys/kern
diff options
context:
space:
mode:
authorMoritz Jodeit <moritz@cvs.openbsd.org>2007-05-30 07:42:53 +0000
committerMoritz Jodeit <moritz@cvs.openbsd.org>2007-05-30 07:42:53 +0000
commitfcdde353bb85f1845ab4e0db235f42e459898b86 (patch)
tree07454f270db4d96b3d6e36c41ce7cfb9d340a7d6 /sys/kern
parent44323307e53bac8514afe258a79c7de0706a2f84 (diff)
Adjust filename buffer for the new /var/crash prefix to prevent
truncation and add an additional truncation check. ok deraadt@ tedu@
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/kern_sig.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index d1135a04f21..2d390aa0492 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.93 2007/05/29 00:26:29 jcs Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.94 2007/05/30 07:42:52 moritz Exp $ */
/* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
/*
@@ -1356,8 +1356,8 @@ coredump(struct proc *p)
struct vmspace *vm = p->p_vmspace;
struct nameidata nd;
struct vattr vattr;
- int error, error1;
- char name[MAXCOMLEN+6]; /* progname.core */
+ int error, error1, len;
+ char name[sizeof("/var/crash/") + MAXCOMLEN + sizeof(".core")];
char *dir = "";
struct core core;
@@ -1379,6 +1379,10 @@ coredump(struct proc *p)
p->p_rlimit[RLIMIT_CORE].rlim_cur)
return (EFBIG);
+ len = snprintf(name, sizeof(name), "%s%s.core", dir, p->p_comm);
+ if (len >= sizeof(name))
+ return (EACCES);
+
/*
* ... but actually write it as UID
*/
@@ -1386,7 +1390,6 @@ coredump(struct proc *p)
cred->cr_uid = p->p_cred->p_ruid;
cred->cr_gid = p->p_cred->p_rgid;
- snprintf(name, sizeof name, "%s%s.core", dir, p->p_comm);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR);