granicus.if.org Git - procps-ng/commit
0061-ps/output.c: Always null-terminate outbuf in show_one_proc().
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:45:38 +0000 (21:45 +1000)
commit 6f7d610621ec3841a73230270b0ddbfe0e3a5d16
tree 5ce2c797aada9641401eb647ab8022ad6b92e1cf
parent c5bbe0077070d152adec21ad039f9462fe234ea6
0061-ps/output.c: Always null-terminate outbuf in show_one_proc().

Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.

---------------------------- adapted for newlib branch
. adapted via 'patch' without rejections

Signed-off-by: Jim Warner <james.warner@comcast.net>
ps/output.c
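
A minimal model of the pattern the commit message describes, added here as an illustration and not taken from procps-ng: the caller terminates the buffer itself before calling strlen(), so a formatter that forgets the terminator cannot cause an out-of-bounds read or an out-of-bounds write of the trailing newline. The names emit_column, pr_ok, pr_forgets, pr_partial and the value of OUTBUF_SIZE are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define OUTBUF_SIZE 64 /* assumed size for this sketch, not the project's value */

typedef void (*pr_fn)(char *outbuf); /* hypothetical stand-in for a pr_*() formatter */

/* Well-behaved formatter: writes a terminated string. */
static void pr_ok(char *outbuf) { strcpy(outbuf, "1234"); }

/* Buggy formatter: returns without writing anything. */
static void pr_forgets(char *outbuf) { (void)outbuf; }

/* Buggy formatter: writes bytes but no terminator. */
static void pr_partial(char *outbuf) { memcpy(outbuf, "ab", 2); }

/* Format one column and append '\n'. Returns the line length, or -1 if cap is too small. */
static int emit_column(pr_fn pr, char *outbuf, size_t cap)
{
    size_t sz;

    if (cap < 2)
        return -1;
    outbuf[0] = '\0';       /* a formatter that writes nothing leaves "" */
    pr(outbuf);
    outbuf[cap - 2] = '\0'; /* bound strlen() and keep room for "\n\0" */
    sz = strlen(outbuf);    /* now sz <= cap - 2 */
    outbuf[sz] = '\n';      /* index <= cap - 2 */
    outbuf[sz + 1] = '\0';  /* index <= cap - 1 */
    return (int)(sz + 1);
}

int main(void)
{
    char buf[OUTBUF_SIZE];
    pr_fn cases[] = { pr_ok, pr_forgets, pr_partial };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        memset(buf, 'A', sizeof buf); /* constructed stale data, no NUL anywhere */
        printf("case %zu: line length %d\n", i, emit_column(cases[i], buf, sizeof buf));
    }
    return 0;
}
```

Without the two terminating stores, the pr_forgets and pr_partial cases would run strlen() past the end of the 'A'-filled buffer.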