Mercurial > libpst
comparison src/readpst.c @ 357:544d57fe6bc6
From Jeffrey Morlan:
try_fork in readpst.c doesn't check that active_children <
max_children before forking a child and adding it to the array. This can
cause a buffer overflow.
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Wed, 06 Jul 2016 10:17:49 -0700 |
| parents | 843705c25b45 |
| children | 6abc3054cba2 |
comparison
equal
deleted
inserted
replaced
| 356:fec7f4fca713 | 357:544d57fe6bc6 |
|---|---|
| 201 pid_t try_fork(char *folder) | 201 pid_t try_fork(char *folder) |
| 202 { | 202 { |
| 203 #ifdef HAVE_FORK | 203 #ifdef HAVE_FORK |
| 204 #ifdef HAVE_SEMAPHORE_H | 204 #ifdef HAVE_SEMAPHORE_H |
| 205 int available = grim_reaper(0); | 205 int available = grim_reaper(0); |
| 206 if (available) { | 206 // If children have called sem_post but not exited yet, we could have available > 0 but active_children == max_children |
| 207 if (available && active_children < max_children) { | |
| 207 sem_wait(global_children); | 208 sem_wait(global_children); |
| 208 pid_t child = fork(); | 209 pid_t child = fork(); |
| 209 if (child < 0) { | 210 if (child < 0) { |
| 210 // fork failed, pretend it worked and we are the child | 211 // fork failed, pretend it worked and we are the child |
| 211 return 0; | 212 return 0; |