12255 proc_get_fdinfo() crash if fdinfo file grows

Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Approved by: Dan McDonald <danmcd@joyent.com>

2 files changed, 7 insertions, 2 deletions

diff --git a/usr/src/lib/libproc/common/proc_fd.c b/usr/src/lib/libproc/common/proc_fd.c
index e491934c16..6d5c09315a 100644
--- a/usr/src/lib/libproc/common/proc_fd.c
+++ b/usr/src/lib/libproc/common/proc_fd.c
@@ -155,7 +155,8 @@ proc_get_fdinfo(pid_t pid, int fd)
 			break;
 		}
 
-		if ((l = read(ifd, info, st.st_size)) == -1) {
+		if (lseek(ifd, 0, SEEK_SET) != 0 ||
+		    (l = read(ifd, info, st.st_size)) == -1) {
 			err = errno;
 			break;
 		}
@@ -164,6 +165,9 @@ proc_get_fdinfo(pid_t pid, int fd)
 
 		off = offsetof(prfdinfo_t, pr_misc);
 
+		if (l < off + sizeof (pr_misc_header_t))
+			continue;
+
 		while (off <= l - sizeof (pr_misc_header_t)) {
 			pr_misc_header_t *misc;
 
diff --git a/usr/src/man/man3proc/proc_get_fdinfo.3proc b/usr/src/man/man3proc/proc_get_fdinfo.3proc
index b85eef16f9..1985230f4c 100644
--- a/usr/src/man/man3proc/proc_get_fdinfo.3proc
+++ b/usr/src/man/man3proc/proc_get_fdinfo.3proc
@@ -11,7 +11,7 @@
 .\"
 .\" Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
 .\"
-.Dd January 6, 2020
+.Dd January 29, 2020
 .Dt PROC_GET_FDINFO 3PROC
 .Os
 .Sh NAME
@@ -76,6 +76,7 @@ In addition to the errors listed below, the
 .Fn proc_get_fdinfo
 function may fail for the same reasons as the
 .Xr fstat 2 ,
+.Xr lseek 2 ,
 .Xr malloc 3C ,
 .Xr open 2 ,
 and