top: add another field sanity check in 'config_file()'

Until the Qualys security audit I had never considered
it a possibility that some malicious person might edit
the top config file to achieve some nefarious results.

And while the Qualys approach tended to concentrate on
the symptoms from such an effort, subsequent revisions
more properly concentrated on startup and that rcfile.

This commit completes those efforts with 1 more field.

Signed-off-by: Jim Warner <james.warner@comcast.net>

diff --git a/top/top.c b/top/top.c
index 808c52a5f152e7ed32bde6860acb66eaf4c03a6e..18f2a3b1f4ac52080082af6ca8b5ebab2ee1ec3b 100644 (file)
--- a/top/top.c
+++ b/top/top.c
@@ -3291,8 +3291,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
          return p;
 
       if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
-         , &w->rc.summclr, &w->rc.msgsclr
-         , &w->rc.headclr, &w->rc.taskclr))
+         , &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))
             return p;
       if (w->rc.summclr < 0 || w->rc.summclr > 7) return p;
       if (w->rc.msgsclr < 0 || w->rc.msgsclr > 7) return p;
@@ -3336,6 +3335,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
       Rc.summ_mscale = 0;
    if (Rc.task_mscale < 0   || Rc.task_mscale > SK_Pb)
       Rc.task_mscale = 0;
+   if (Rc.zero_suppress < 0 || Rc.zero_suppress > 1)
+      Rc.zero_suppress = 0;
 
    // we'll start off Inspect stuff with 1 'potential' blank line
    // ( only realized if we end up with Inspect.total > 0 )