]> granicus.if.org Git - procps-ng/commitdiff
top: check sortindx risk exposure (not treat symptoms)
authorJim Warner <james.warner@comcast.net>
Sat, 2 Jun 2018 05:00:00 +0000 (00:00 -0500)
committerCraig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:35:20 +0000 (21:35 +1000)
Rather than validate the window's 'sortindx' each time
it was referenced (as was done in the patch below), we
now ensure the validity just once when the config file
is read. Thereafter, a running top will police bounds.

Reference(s):
. original qualys patch
0102-top-Check-sortindx.patch

Signed-off-by: Jim Warner <james.warner@comcast.net>
top/top.c

index d51d5aa52e12ead34a5a9ac2c34fc1a6017d35b7..d05fb34e12954a86a6e61e9a83b25a4cf732bbac 100644 (file)
--- a/top/top.c
+++ b/top/top.c
@@ -3213,6 +3213,8 @@ static int config_cvt (WIN_t *q) {
    // lastly, we must adjust the old sort field enum...
    x = q->rc.sortindx;
    q->rc.sortindx = fields_src[x] - FLD_OFFSET;
+   if (q->rc.sortindx < 0 || q->rc.sortindx >= EU_MAXPFLGS)
+      return 1;
 
    return 0;
 } // end: config_cvt
@@ -3260,6 +3262,8 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
       if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
          , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
             return p;
+      if (w->rc.sortindx < 0 || w->rc.sortindx >= EU_MAXPFLGS)
+         return p;
       if (w->rc.graph_cpus < 0 || w->rc.graph_cpus > 2)
          return p;
       if (w->rc.graph_mems < 0 || w->rc.graph_mems > 2)