diff options
| author | Paul Buetow <paul@buetow.org> | 2026-03-19 08:30:51 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-03-19 08:30:51 +0200 |
| commit | 7d064970c846c6d52af1c114b213a1cd89d88865 (patch) | |
| tree | 85765864bb0d5289d8c640abafdb815b1759b54f | |
| parent | 4cf0dd3b0bd2aa2c63d72490ccf3c57d1b16c664 (diff) | |
fix: bound capture command formatting (task 472)
| -rw-r--r-- | ioriot/src/capture/capture.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/ioriot/src/capture/capture.c b/ioriot/src/capture/capture.c index 249066d..0791c86 100644 --- a/ioriot/src/capture/capture.c +++ b/ioriot/src/capture/capture.c @@ -34,8 +34,12 @@ status_e capture_run(options_s *opts) } Put("Release of currently running Kernel: %s", uts.release); - char modules_dir[128]; - sprintf(modules_dir, "/opt/ioriot/systemtap/%s", uts.release); + char modules_dir[MAX_LINE_LEN]; + if (snprintf(modules_dir, sizeof(modules_dir), + "/opt/ioriot/systemtap/%s", uts.release) + >= (int) sizeof(modules_dir)) { + Error("Module path is too long for the capture buffer!"); + } Put("Changing directory to module path: %s/", modules_dir); if (0 != chdir(modules_dir)) { @@ -65,13 +69,21 @@ status_e capture_run(options_s *opts) "runtime (usually package 'systemtap-runtime') installed!"); } - char staprun_command[128]; + char staprun_command[MAX_LINE_LEN]; if (opts->pid >= 0) { - sprintf(staprun_command, "%s %s -v -o %s -x %d", staprun_path, opts->module, - opts->capture_file, opts->pid); + if (snprintf(staprun_command, sizeof(staprun_command), + "%s %s -v -o %s -x %d", staprun_path, opts->module, + opts->capture_file, opts->pid) + >= (int) sizeof(staprun_command)) { + Error("staprun command is too long for the capture buffer!"); + } } else { - sprintf(staprun_command, "%s %s -v -o %s", staprun_path, opts->module, - opts->capture_file); + if (snprintf(staprun_command, sizeof(staprun_command), + "%s %s -v -o %s", staprun_path, opts->module, + opts->capture_file) + >= (int) sizeof(staprun_command)) { + Error("staprun command is too long for the capture buffer!"); + } } Out("NOTICE: It is good practise first to stop all processes, then to "); |