granicus.if.org Git - procps-ng/commit
0053-ps/output.c: Harden forest_helper().
author: Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer: Craig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:45:38 +0000 (21:45 +1000)
commit: 43c4d553e66f4c39ed6243ed278865431a66d019
tree: 4b1c48a9443002725de999cbad19f4db9b773c90
parent: 9caf95c0bd2df7a622b3839a13d5db102282e717
0053-ps/output.c: Harden forest_helper().

This patch solves several problems:

1/ Limit the number of characters written (to outbuf) to OUTBUF_SIZE-1
(-1 for the null-terminator).

2/ Always null-terminate outbuf at q.

3/ Move the "rightward" checks *before* the strcpy() calls.

4/ Avoid an integer overflow in these checks (e.g., rightward-4).
ps/output.c
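
The four points of the commit message, sketched as an added example; this is not code from procps-ng or from the patch. The names `draw_prefix`, `fits_unsafe`, `fits_safe` and `CELL`, the small `OUTBUF_SIZE` value, and the unsigned budget type are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OUTBUF_SIZE 16  /* constructed small size so truncation is visible */
#define CELL 4          /* each prefix character expands to a 4-char cell */

/* Hypothetical helper: expand every character of `prefix` into a 4-char
 * cell in `outbuf` (OUTBUF_SIZE bytes), using at most `max_rightward`
 * columns. Returns the number of characters written, excluding the NUL. */
size_t draw_prefix(char *outbuf, const char *prefix, size_t max_rightward)
{
    char *q = outbuf;
    /* (1) Cap the budget at OUTBUF_SIZE-1, reserving one byte for the NUL. */
    size_t rightward = max_rightward < OUTBUF_SIZE ? max_rightward
                                                   : OUTBUF_SIZE - 1;

    for (const char *p = prefix; *p; p++) {
        /* (3) Check the budget BEFORE copying the cell.
         * (4) Compare without subtracting: no `rightward - CELL` here. */
        if (rightward < CELL)
            break;
        memcpy(q, *p == ' ' ? "    " : "|   ", CELL);
        q += CELL;
        rightward -= CELL;  /* safe: rightward >= CELL was just checked */
    }
    *q = '\0';  /* (2) Always terminate at q, even if nothing was written. */
    return (size_t)(q - outbuf);
}

/* The check shape that (4) avoids: with limit < CELL the unsigned
 * subtraction wraps to a huge value and the test wrongly passes. */
int fits_unsafe(size_t used, size_t limit)
{
    return used <= limit - CELL;
}

/* Same question with the subtraction guarded. */
int fits_safe(size_t used, size_t limit)
{
    return limit >= CELL && used <= limit - CELL;
}

int main(void)
{
    char buf[OUTBUF_SIZE];
    size_t n = draw_prefix(buf, "  ||  ", 100);  /* constructed input */
    printf("wrote %zu chars: \"%s\"\n", n, buf);
    printf("limit=2: unsafe=%d safe=%d\n", fits_unsafe(0, 2), fits_safe(0, 2));
    return 0;
}
```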