busybox: fix busybox lock applet pidstr buffer overflow

Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>

diff --git a/package/utils/busybox/patches/220-add_lock_util.patch b/package/utils/busybox/patches/220-add_lock_util.patch
index 4e46b74f0e786b89c3a8cab5db90c3ea156fd3f3..623121b9fb9fd1913230424b217cc648a5fe32d2 100644 (file)
--- a/package/utils/busybox/patches/220-add_lock_util.patch
+++ b/package/utils/busybox/patches/220-add_lock_util.patch
@@ -72,9 +72,9 @@
 +
 +static int do_lock(void)
 +{
-+      int pid;
++      pid_t pid;
 +      int flags;
-+      char pidstr[8];
++      char pidstr[12];
 +
 +      if ((fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0700)) < 0) {
 +              if ((fd = open(file, O_RDWR)) < 0) {
@@ -109,7 +109,7 @@
 +              if (!waitonly) {
 +                      lseek(fd, 0, SEEK_SET);
 +                      ftruncate(fd, 0);
-+                      sprintf(pidstr, "%d\n", pid);
++                      snprintf(sizeof(pidstr), pidstr, "%d\n", pid);
 +                      write(fd, pidstr, strlen(pidstr));
 +                      close(fd);
 +              }