granicus.if.org Git - procps-ng/commit
ps/output.c: Always null-terminate outbuf in show_one_proc().
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
commit 7dd7bdb09ffc5f53ad531ace227882d4a19a6f4a
tree 42e915a7573a267c6afcf25eaeefc830a73f092b
parent db25d0375a389ec3c2f5e6f2422a1ddff97841bd
ps/output.c: Always null-terminate outbuf in show_one_proc().

Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.
ps/output.c
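
The pattern the commit message describes, as an added example that is not code from procps-ng: a row builder terminates its buffer itself before measuring it, and, going one step beyond the message, measures with a memchr()-based bounded length as a portable stand-in for strnlen(). The names `build_row`, `bounded_len`, `pr_pid`, `pr_name`, `demo_row` and `MAX_COL` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_COL 8               /* assumed upper bound on bytes one column writes */
typedef int (*col_fn)(char *);  /* hypothetical column printer: returns bytes added */

static int pr_pid(char *out)  { memcpy(out, "1234", 5); return 4; } /* writes the NUL */
static int pr_name(char *out) { memcpy(out, "bash", 4); return 4; } /* forgets the NUL */

/* Portable stand-in for strnlen(), built on memchr() from C89. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Formats one row into buf and appends '\n'; returns its length, or 0 if it may not fit. */
size_t build_row(char *buf, size_t bufsize, const col_fn *cols, size_t ncols)
{
    char *end = buf;
    size_t i, sz;
    if (bufsize == 0)
        return 0;
    for (i = 0; i < ncols; i++) {
        /* keep room for this column plus the final '\n' slot */
        if ((size_t)(end - buf) + MAX_COL + 1 > bufsize)
            return 0;
        end += cols[i](end);
    }
    *end = '\0';                        /* terminate regardless of what the printers did */
    sz = bounded_len(buf, bufsize - 1); /* cannot scan past the buffer */
    buf[sz] = '\n';
    return sz + 1;
}

/* Runs the builder over a buffer pre-filled with non-NUL bytes (constructed input). */
size_t demo_row(char *buf, size_t bufsize)
{
    static const col_fn cols[] = { pr_pid, pr_name };
    memset(buf, 'X', bufsize);
    return build_row(buf, bufsize, cols, 2);
}

int main(void)
{
    char buf[64];
    fwrite(buf, 1, demo_row(buf, sizeof buf), stdout);
    return 0;
}
```

Because the buffer is pre-filled with `'X'`, removing the `*end = '\0'` line would leave no terminator inside the buffer for an unbounded strlen() to find; the bounded length still stops at `bufsize - 1`.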