Created attachment 124720 [details] [review]
patch to fix this issue
The function strncpy() does not guarantee to nul terminate the
destination. In most cases, this cannot be triggered, but it is also
used to parse user environment variables. These are allowed to be longer
than 1023 characters, effectively resulting in an unterminated string.
I've adjusted other places as well, because it won't hurt.
@@ -546,6 +546,7 @@ static int open_tracing_specil_file(
FILE *fp = NULL;
strncpy(env_value, fn_env, 1024);
+ env_value = '\0';
should the index be 1023 instead of 0?
Oops, yes of course. It has to be 1023 instead of 0, thanks for spotting. :)
Author: Tobias Stoeckmann <email@example.com>
Date: Sat Jun 25 20:08:31 2016 +0200
Properly terminate parsed environment values with '\0'.