From: Jim Warner <james.warner@comcast.net>
Date: Fri, 18 May 2018 05:00:00 +0000 (-0500)
Subject: top: check sortindx risk exposure (not treat symptoms)
X-Git-Tag: v3.3.15~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3b2235c2662ce607c6188827245c82b818a0265e;p=procps-ng

top: check sortindx risk exposure (not treat symptoms)

Rather than validate the window's 'sortindx' each time
it was referenced (as was done in the patch below), we
now ensure the validity just once when the config file
is read. Thereafter, a running top will police bounds.

Reference(s):
. original qualys patch
0102-top-Check-sortindx.patch
commit d5b8ac7139093a5faf1f3c32d7d069728c471952

Signed-off-by: Jim Warner <james.warner@comcast.net>
---

diff --git a/top/top.c b/top/top.c
index 284b6a9a..98400bd7 100644
--- a/top/top.c
+++ b/top/top.c
@@ -3699,6 +3699,8 @@ static int config_cvt (WIN_t *q) {
    // lastly, we must adjust the old sort field enum...
    x = q->rc.sortindx;
    q->rc.sortindx = fields_src[x] - FLD_OFFSET;
+   if (q->rc.sortindx < 0 || q->rc.sortindx >= EU_MAXPFLGS)
+      return 1;
 
    return 0;
 } // end: config_cvt
@@ -3746,6 +3748,8 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
       if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
          , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
             return p;
+      if (w->rc.sortindx < 0 || w->rc.sortindx >= EU_MAXPFLGS)
+         return p;
       if (w->rc.graph_cpus < 0 || w->rc.graph_cpus > 2)
          return p;
       if (w->rc.graph_mems < 0 || w->rc.graph_mems > 2)