From: Jim Warner Date: Fri, 18 May 2018 05:00:00 +0000 (-0500) Subject: top: prevent buffer overflow potential in all routines X-Git-Tag: v3.3.15~10 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fdb58974e24c025a1f866f324c62f1d8f96234f8;p=procps-ng top: prevent buffer overflow potential in all routines Whereas that original patch (since reversed) addressed some symptoms related to manually edited config files, this solution deals with root causes. And it goes much beyond any single top field by protecting all of top's fields. Henceforth, a duplicated field is not allowed. Reference(s): . original qualys patch 0114-top-Prevent-buffer-overflow-in-calibrate_fields.patch commit c424a643318abfb534a692bd86c6a5e411ed2ebb Signed-off-by: Jim Warner --- diff --git a/top/top.c b/top/top.c index 80040f00..5088a8d6 100644 --- a/top/top.c +++ b/top/top.c @@ -3715,7 +3715,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) { *delay = (float)tmp_whole + (float)tmp_fract / 1000; for (i = 0 ; i < GROUPSMAX; i++) { - int x; + int n, x; WIN_t *w = &Winstk[i]; p = fmtmk(N_fmt(RC_bad_entry_fmt), i+1, name); @@ -3727,6 +3727,11 @@ static const char *config_file (FILE *fp, const char *name, float *delay) { too bad fscanf is not as flexible with his format string as snprintf error Hey, fix the above fscanf 'PFLAGSSIZ' dependency ! #endif + // ensure there's been no manual alteration of fieldscur + for (n = 0 ; n < EU_MAXPFLGS; n++) { + if (strchr(w->rc.fieldscur, w->rc.fieldscur[n]) != strrchr(w->rc.fieldscur, w->rc.fieldscur[n])) + return p; + } // be tolerant of missing release 3.3.10 graph modes additions if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n" , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))