From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: ps/sortformat.c: Double-check chars in verify_short_sort(). X-Git-Tag: v3.3.15~78 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=db00f54f4a3f2ae21a1e8e401e6b01968a88c514;p=procps-ng ps/sortformat.c: Double-check chars in verify_short_sort(). To avoid an out-of-bounds access at checkoff[tmp]. The strspn() at the beginning of the function protects against it already, but double-check this in case of some future change. --- diff --git a/ps/sortformat.c b/ps/sortformat.c index ace5fa70..1594da62 100644 --- a/ps/sortformat.c +++ b/ps/sortformat.c @@ -428,6 +428,7 @@ static const char *verify_short_sort(const char *arg){ walk = arg; for(;;){ tmp = *walk; + if(tmp < 0 || (size_t)tmp >= sizeof(checkoff)) return _("bad sorting code"); switch(tmp){ case '\0': return NULL; /* looks good */
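Review bot: the upper bound in the added `if(tmp < 0 || (size_t)tmp >= sizeof(checkoff))` line is a byte size rather than an element count, so it matches the valid index range of `checkoff[tmp]` only if `checkoff` is an array of one-byte elements, and the declaration is not visible in this hunk. Writing the bound as `sizeof(checkoff)/sizeof(checkoff[0])` would keep the check correct if the element type is ever widened, which is the kind of future change the commit message says this guard is for. The line would also benefit from a short comment stating that it is a defensive duplicate of the strspn() filter at the top of the function, since nothing in the code itself says so and a later cleanup could otherwise drop one of the two checks as redundant. Placing the check before the `switch(tmp)` is fine for the `'\0'` terminator: 0 is not negative, so it still reaches `case '\0'` and returns NULL as long as `checkoff` is non-empty.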