Created attachment 562366
fix overflow in openrc

There is a possible buffer overflow in the function pid_is_argv().

The relevant pieces of the code:

char buffer[PATH_MAX];
[...]
bytes = read(fd, buffer, sizeof(buffer));
[...]
buffer[bytes] = '\0';

So it's reading a maximum of sizeof(buffer), and then it will put a zero terminator at the end. If the read reaches the maximum then the zero terminator will end up one byte after the buffer, leading to an overflow.

Can be fixed by reading only sizeof(buffer)-1. Patch attached.

While this is a buffer overflow, I don't think it's plausible to assume this is in any way attacker controlled, so not handling this as a security bug.
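The off-by-one described in this report, reproduced next to the sizeof(buffer)-1 fix, as an added example that is not code from the report or from OpenRC. BUF_SIZE, GUARD, the function names and the pipe harness are assumptions made for the demonstration; the backing array carries one spare guard byte so the stray terminator write can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define BUF_SIZE 16 /* constructed stand-in for PATH_MAX, small so the case is easy to hit */
#define GUARD 0x7f  /* marks the byte just past the logical buffer */

/* Pattern from the report: read up to `size` bytes, then terminate at buf[bytes]. */
static ssize_t read_reported(int fd, char *buf, size_t size) {
    ssize_t bytes = read(fd, buf, size);
    if (bytes < 0) return -1;  /* added here: keeps buf[-1] out of the demo */
    buf[bytes] = '\0';         /* bytes == size lands one past the buffer */
    return bytes;
}

/* Fix proposed in the report: leave room for the terminator. */
static ssize_t read_fixed(int fd, char *buf, size_t size) {
    if (size == 0) return -1;
    ssize_t bytes = read(fd, buf, size - 1);
    if (bytes < 0) return -1;
    buf[bytes] = '\0';         /* bytes <= size - 1, always in bounds */
    return bytes;
}

/* Feed `len` bytes through a pipe; return 1 if the guard byte was overwritten,
 * 0 if it survived, -1 on setup failure. Only BUF_SIZE is passed as the size,
 * so backing[BUF_SIZE] plays the role of "one byte after the buffer". */
static int guard_clobbered(int use_fixed, size_t len) {
    char backing[BUF_SIZE + 1], input[64];
    int fds[2];
    if (len > sizeof(input) || pipe(fds) != 0) return -1;
    memset(input, 'A', len);                 /* constructed sample input */
    memset(backing, GUARD, sizeof(backing));
    ssize_t w = write(fds[1], input, len);
    close(fds[1]);
    ssize_t r = (w == (ssize_t)len)
        ? (use_fixed ? read_fixed : read_reported)(fds[0], backing, BUF_SIZE) : -1;
    close(fds[0]);
    if (r < 0) return -1;
    return backing[BUF_SIZE] != GUARD;
}

int main(void) {
    printf("reported, short input: %d\n", guard_clobbered(0, 5));
    printf("reported, full input:  %d\n", guard_clobbered(0, 40));
    printf("fixed, full input:     %d\n", guard_clobbered(1, 40));
    return 0;
}
```

The guard byte is only touched when the input is at least as long as the buffer, which is why the bug stays invisible for short inputs.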
The patch does not apply to current HEAD, but this looks to now be fixed another way. If it isn't, feel free to reopen.

Thanks,
William