From: Duncan Overbruck <mail@duncano.de>
Date: Mon, 3 Feb 2020 21:17:43 +0000 (+0100)
Subject: timestamp.c: correctly NUL terminate buffer read from /proc/pid/stat
X-Git-Tag: v6.6.1~2
X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=5debef098b7ebba67da5db9fbb020a7cd0f90a7f

timestamp.c: correctly NUL terminate buffer read from /proc/pid/stat

This solves buf #28.
---

diff --git a/timestamp.c b/timestamp.c
index 38c89ff..75a3af7 100644
--- a/timestamp.c
+++ b/timestamp.c
@@ -98,12 +98,12 @@ proc_info(pid_t pid, int *ttynr, unsigned long long *starttime)
 	if (n < 0 || n >= (int)sizeof path)
 		return -1;
 
-	if ((fd = open(path, O_RDONLY)) == -1) {
+	if ((fd = open(path, O_RDONLY|O_NOFOLLOW)) == -1) {
 		warn("failed to open: %s", path);
 		return -1;
 	}
 
-	while ((n = read(fd, p, buf + sizeof buf - p)) != 0) {
+	while ((n = read(fd, p, buf + (sizeof buf - 1) - p)) != 0) {
 		if (n == -1) {
 			if (errno == EAGAIN || errno == EINTR)
 				continue;
@@ -112,15 +112,18 @@ proc_info(pid_t pid, int *ttynr, unsigned long long *starttime)
 			return -1;
 		}
 		p += n;
-		if (p >= buf + sizeof buf)
+		if (p >= buf + (sizeof buf - 1))
 			break;
 	}
 	close(fd);
 
 	/* error if it contains NULL bytes */
-	if (n != 0 || memchr(buf, '\0', p - buf)) {
+	if (n != 0 || memchr(buf, '\0', p - buf - 1) != NULL) {
 		warn("NUL in: %s", path);
 		return -1;
+	}
+
+	*p = '\0';
 
 	/* Get the 7th field, 5 fields after the last ')',
 	 * (2th field) because the 5th field 'comm' can include