From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000)
Subject: 0080-proc/readproc.c: Harden openproc().
X-Git-Tag: v4.0.0~585
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=990ea89ae91d9b6747db8e3b192adeebab31426f;p=procps-ng

0080-proc/readproc.c: Harden openproc().

Replace xmalloc() with xcalloc().

---------------------------- adapted for newlib branch
. trade xcalloc() for calloc()
. thus we must account for potential ENOMEM

Signed-off-by: Jim Warner <james.warner@comcast.net>
---

diff --git a/proc/readproc.c b/proc/readproc.c
index 0b88242a..61633612 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -37,6 +37,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <limits.h>
+#include <stdint.h>
 #ifdef WITH_SYSTEMD
 #include <systemd/sd-login.h>
 #endif
@@ -1369,7 +1370,7 @@ PROCTAB* openproc(unsigned flags, ...) {
     va_list ap;
     struct stat sbuf;
     static int did_stat;
-    PROCTAB* PT = malloc(sizeof(PROCTAB));
+    PROCTAB* PT = calloc(1, sizeof(PROCTAB));
 
     if (!PT)
         return NULL;