From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 880 invoked from network); 10 Jul 2021 03:25:34 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 10 Jul 2021 03:25:34 -0000 Received: (qmail 3118 invoked by uid 550); 10 Jul 2021 03:25:31 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 3087 invoked from network); 10 Jul 2021 03:25:31 -0000 X-Virus-Scanned: Debian amavisd-new at disroot.org From: =?UTF-8?q?=C3=89rico=20Nogueira?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1625887516; bh=+LX/67Ga7+/lespW3rIc4ccb1k6+bvAG0gE9eTmoZLg=; h=From:To:Cc:Subject:Date; b=kXlj6TacwIVocEg4lA5ayFOHxl5w9opBLiycIIl3NrHlLLnjVw5/ZC6QiRe4N4yvB xFuJNIiNxqOGm4+XTnA/5Eg2ZBPjX8l9ETxPK38DXIFF/irWTzeV0wo85qs+i8f0SS qX9jS337g7lyG8atyvcvJKYkELzibL9M5klfvODYmXFFuV2DDtuNUVTtBCK/eRv6Mi UwsOrSN9ZceLEvGO1Yugk5UHUvJn7uLFA9fHT8YVPirE/BNeFhoM1zpkmA2oieiF26 V234bmVysXmdYQaSXgTGoHdp2LycAMqW/Um0GstshoS53ZwXqfQaevvvUev6ftADTw hncsYlEW4v/hA== To: musl@lists.openwall.com Cc: =?UTF-8?q?=C3=89rico=20Nogueira?= , Michael Forney Date: Sat, 10 Jul 2021 00:24:59 -0300 Message-Id: <20210710032500.9249-1-ericonr@disroot.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [musl] [PATCH 1/2] fix error checking in pthread_getname_np len is unsigned and can never be smaller than 0. though unlikely, an error in read() would have lead to an out of bounds write to name. Reported-by: Michael Forney --- src/thread/pthread_getname_np.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/thread/pthread_getname_np.c b/src/thread/pthread_getname_np.c index 48d1a294..85504e45 100644 --- a/src/thread/pthread_getname_np.c +++ b/src/thread/pthread_getname_np.c @@ -17,7 +17,7 @@ int pthread_getname_np(pthread_t thread, char *name, size_t len) snprintf(f, sizeof f, "/proc/self/task/%d/comm", thread->tid); pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs); - if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) < 0) status = errno; + if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) == -1) status = errno; else name[len-1] = 0; /* remove trailing new line only if successful */ if (fd >= 0) close(fd); pthread_setcancelstate(cs, 0); -- 2.32.0