api.c: Fix potential buffer overflow

It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
not always the case.

Add check to prevent buffer overflow and discard the excessive part of
an argument.

Signed-off-by: Nikola Forró <nforro@redhat.com>
Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>

diff --git a/src/api.c b/src/api.c
index 92730e6a435587573c6a254a03badf82c457dfb5..959a814092e7e0a64aaef02e32f6ec8ec341e65f 100644 (file)
--- a/src/api.c
+++ b/src/api.c
@@ -4601,13 +4601,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
 
        while (c != EOF) {
                c = fgetc(f);
-               if ((c != EOF) && (c != '\0')) {
+               if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
                        buf_pname[len] = c;
                        len++;
                        continue;
                }
                buf_pname[len] = '\0';
 
+               if (len == FILENAME_MAX - 1)
+                       while ((c != EOF) && (c != '\0'))
+                               c = fgetc(f);
+
                /*
                 * The taken process name from /proc/<pid>/status is
                 * shortened to 15 characters if it is over. So the