Subject: bin/3266: 2k written to 256 byte buffer in /bin/ps
To: None <gnats-bugs@gnats.netbsd.org>
From: None <gwing@primenet.com.au>
List: netbsd-bugs
Date: 02/28/1997 11:34:14
>Number: 3266
>Category: bin
>Synopsis: 2k written to 256 byte buffer in /bin/ps
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Feb 28 03:50:00 1997
>Last-Modified:
>Originator: Geoff Wing
>Organization:
Geoff Wing [mason@primenet.com.au] Technical Manager
Phone : +61-3-9818 2977 PrimeNet - Internet Consultancy
Facsimile: +61-3-9819 3788 Web : <URL:http://www.primenet.com.au/>
Mobile : 0412 162 441
>Release: NetBSD 1.2[BC]
>Environment:
System: NetBSD coral.primenet.com.au 1.2B NetBSD 1.2B (CORAL) #8: Fri Jan 31 17:11:02 EST 1997 root@coral.primenet.com.au:/src/netbsd/src/sys/arch/i386/compile/CORAL i386
>Description:
/bin/ps.c sets up an errbuf of 256 bytes which it passes to
kvm_openfiles() - which at one point may like to
strncpy(errbuf, .... , _POSIX2_LINE_MAX - 1)
Result is bus error.
This is with kvm.old but by quick inspection kvm does the same thing.
>How-To-Repeat:
% ps 1 2
>Fix:
*** /usr/src/bin/ps/ps.c Tue Oct 15 01:23:11 1996
--- /usr/obj/bin/ps/ps.c Fri Feb 28 22:21:23 1997
***************
*** 63,68 ****
--- 63,69 ----
#include <kvm.h>
#include <nlist.h>
#include <paths.h>
+ #include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
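Review bot: the added #include <limits.h> sits between <paths.h> and <stdio.h>, which breaks the alphabetical order the surrounding includes otherwise follow. Placing it between <kvm.h> and <nlist.h> would keep the list sorted.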
***************
*** 116,122 ****
uid_t uid;
int all, ch, flag, i, fmt, lineno, nentries;
int prtheader, wflag, what, xflg;
! char *nlistf, *memf, *swapf, errbuf[256];
if ((ioctl(STDOUT_FILENO, TIOCGWINSZ, (char *)&ws) == -1 &&
ioctl(STDERR_FILENO, TIOCGWINSZ, (char *)&ws) == -1 &&
--- 117,123 ----
uid_t uid;
int all, ch, flag, i, fmt, lineno, nentries;
int prtheader, wflag, what, xflg;
! char *nlistf, *memf, *swapf, errbuf[_POSIX2_LINE_MAX];
if ((ioctl(STDOUT_FILENO, TIOCGWINSZ, (char *)&ws) == -1 &&
ioctl(STDERR_FILENO, TIOCGWINSZ, (char *)&ws) == -1 &&
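Review bot: the new errbuf[_POSIX2_LINE_MAX] declaration carries no comment saying why that size is required, so a later cleanup could shrink it again. kvm_openfiles() takes no length argument for errbuf, which means the size agreement between caller and library holds by convention only. A short comment beside the declaration stating that the buffer must be at least _POSIX2_LINE_MAX bytes would document the contract.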
>Audit-Trail:
>Unformatted:
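The following is an added example, not part of the original report and not NetBSD code. It shows why the synopsis says 2k is written even when the error text is short: strncpy() pads the destination with NUL bytes up to its count argument. The function names, the 0xAA sentinel, and the sample message are constructed for illustration, and the arena is deliberately large enough that nothing actually overflows.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef _POSIX2_LINE_MAX
#define _POSIX2_LINE_MAX 2048   /* POSIX.2 value, fallback if <limits.h> hides it */
#endif

#define CALLER_BUF 256          /* size of errbuf in ps.c before the fix */
#define SENTINEL   0xAA         /* constructed fill value, absent from the sample text */

/* Count bytes in the arena that no longer hold the sentinel value. */
static size_t bytes_touched(const unsigned char *arena, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        if (arena[i] != SENTINEL)
            n++;
    return n;
}

/* The callee's pattern from the report: a fixed bound, whatever the caller
 * allocated. strncpy() always writes exactly that many bytes. */
size_t strncpy_fixed_bound(const char *msg)
{
    unsigned char arena[_POSIX2_LINE_MAX];
    memset(arena, SENTINEL, sizeof(arena));
    strncpy((char *)arena, msg, _POSIX2_LINE_MAX - 1);
    return bytes_touched(arena, sizeof(arena));
}

/* Hypothetical alternative: the caller passes its real buffer size. */
size_t copy_with_caller_size(const char *msg, size_t dstlen)
{
    unsigned char arena[_POSIX2_LINE_MAX];
    if (dstlen > sizeof(arena))
        dstlen = sizeof(arena);
    memset(arena, SENTINEL, sizeof(arena));
    snprintf((char *)arena, dstlen, "%s", msg);  /* truncates and NUL-terminates */
    return bytes_touched(arena, sizeof(arena));
}

int main(void)
{
    const char *msg = "constructed sample error text";
    printf("strncpy, fixed bound: %zu bytes written\n", strncpy_fixed_bound(msg));
    printf("snprintf, size %d:    %zu bytes written\n", CALLER_BUF,
           copy_with_caller_size(msg, CALLER_BUF));
    return 0;
}
```

With the fixed bound, every call writes past a 256-byte buffer regardless of message length, which matches the report that a plain invocation is enough to trigger the bus error.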