From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: proc/readproc.c: Fix the unhex() function. X-Git-Tag: v3.3.15~73 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27e45cf43b93f4a9825ad812969e9193daf39ea8;p=procps-ng proc/readproc.c: Fix the unhex() function. This function is unused (SIGNAL_STRING is defined by default, and if it is not, procps does not compile -- for example, there is no "outbuf" in help_pr_sig()) but fix it anyway. There are two bugs: - it accepts non-hexadecimal characters (anything >= 0x30); - "(c - (c>0x57) ? 0x57 : 0x30)" is always equal to 0x57.
---
diff --git a/proc/readproc.c b/proc/readproc.c
index d6bdbc9a..db90a2e9 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -78,8 +78,10 @@ static unsigned long long unhex(const char *restrict cp){
 unsigned long long ull = 0;
 for(;;){
 char c = *cp++;
- if(unlikely(c<0x30)) break;
- ull = (ull<<4) | (c - (c>0x57) ? 0x57 : 0x30) ;
+ if(!( (c >= '0' && c <= '9') ||
+ (c >= 'A' && c <= 'F') ||
+ (c >= 'a' && c <= 'f') )) break;
+ ull = (ull<<4) | (c - (c >= 'a' ? 'a'-10 : c >= 'A' ? 'A'-10 : '0'));
 }
 return ull;
 }
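Review bot: The rewritten loop in unhex() still puts no limit on how many digits it consumes, so a string with more than 16 hex digits silently shifts the leading nibbles out of `ull` (assuming a 64-bit unsigned long long) and the caller gets a truncated value it cannot tell apart from a valid one. A string with no leading hex digit also returns 0, the same result as "0". If the function is kept, either count the digits and stop once the value is full, or state the contract above the function, e.g. `/* Parses leading hex digits only; stops at the first non-hex char; no overflow or empty-input detection. */`. Only the body is in the hunk; the signature is visible just in the hunk header.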