Bug#924792: pidof: unsanitized user input makes pidof crash

Matteo Croce mcroce at redhat.com
Mon Mar 18 00:09:32 GMT 2019

> This is a good find and I see two fairly straight forward ways to deal
> with the bug:
> 1. We can drop the new -f flag. This is a little inconvenient for some
> users, but immediately plugs the hole.

That's an option, even if it would break existing scripts which use -f,
if any. Probably worth applying to plug the hole immediately, yes.

> 2. We can write our own print function that will not crash or give
> weird behaviour the way printf() does. Right now I'm leaning toward
> the latter option. It's a little more work, but probably a nicer fix
> for everyone in the long run.

I fear that it's much more that little work. Probably it's easier to
just sanitize the input.
The following code forbids strings containing "%s" or two "%", yet
allowing "%%" which is a valid escape to print a percent sign.

int unsafe_str(char *str)
	int found = 0;
	char *ptr = str;

	while ((ptr = index(ptr, '%'))) {
		if (ptr[1] == 's')
			return 1;
		if (ptr[1] == '%') {
			ptr += 2;
		if (found)
			return 1;
		found = 1;

	return 0;

The sanitizer is incomplete tough, the error can still be exploited by
adding a modifier to "%s" (like "% s" or "%.*s"), or using the
Single UNIX Specification syntax wich allows to pick the
Nth argument with %Nd, like "%1000000$d".

Matteo Croce
per aspera ad upstream

More information about the Debian-init-diversity mailing list