From: Jim Warner Date: Sun, 3 Jun 2018 05:00:00 +0000 (-0500) Subject: top: add another field sanity check in 'config_file()' X-Git-Tag: v4.0.0~552 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=59c8c1c86cd123fb2abd8121465250896d9f0823;p=procps-ng top: add another field sanity check in 'config_file()' Until the Qualys security audit I had never considered it a possibility that some malicious person might edit the top config file to achieve some nefarious results. And while the Qualys approach tended to concentrate on the symptoms from such an effort, subsequent revisions more properly concentrated on startup and that rcfile. This commit completes those efforts with 1 more field. Signed-off-by: Jim Warner --- diff --git a/top/top.c b/top/top.c index 808c52a5..18f2a3b1 100644 --- a/top/top.c +++ b/top/top.c @@ -3291,8 +3291,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) { return p; if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n" - , &w->rc.summclr, &w->rc.msgsclr - , &w->rc.headclr, &w->rc.taskclr)) + , &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr)) return p; if (w->rc.summclr < 0 || w->rc.summclr > 7) return p; if (w->rc.msgsclr < 0 || w->rc.msgsclr > 7) return p; @@ -3336,6 +3335,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) { Rc.summ_mscale = 0; if (Rc.task_mscale < 0 || Rc.task_mscale > SK_Pb) Rc.task_mscale = 0; + if (Rc.zero_suppress < 0 || Rc.zero_suppress > 1) + Rc.zero_suppress = 0; // we'll start off Inspect stuff with 1 'potential' blank line // ( only realized if we end up with Inspect.total > 0 )
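Review bot: In the first hunk (@@ -3291,8 +3291,7), joining the four `fscanf` arguments onto one line is a whitespace-only change that the commit message does not mention, and it sits inside a commit described as a sanity-check fix. Consider dropping it or moving it to a separate cosmetic commit, so that the security-relevant change is the only thing a backporter or auditor has to read.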
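Review bot: In the second hunk (@@ -3336,6 +3335,8), an out-of-range `Rc.zero_suppress` is silently reset to 0, which matches the `summ_mscale` and `task_mscale` checks just above it but differs from the per-window color checks in the first hunk, which reject the rcfile with `return p`. A one-line comment saying why these global fields are normalized rather than treated as a corrupt file would make that choice deliberate. The commit message also says only "1 more field"; naming `zero_suppress` there would make the change easier to find later. The upper bound is a bare `1`, so a note that the field is a 0/1 toggle would help, since the hunk does not show how it is declared or read.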