From 34feb6183a464300a17400200fc8232c4ad930e7 Mon Sep 17 00:00:00 2001 From: Jim Warner Date: Sun, 3 Jun 2018 00:00:00 -0500 Subject: [PATCH] top: prevent buffer overruns in 'inspection_utility()' For our master branch, a Qualys patch referenced below was reverted as being unwarranted. That original patch was not applied in this branch so there was no revert. However, there was 1 specific problem their patch had, in fact, prevented. Thus, this patch now addresses it. Reference(s): . original qualys patch 0109-top-Protect-scat-from-buffer-overflows.patch Signed-off-by: Jim Warner --- top/top.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/top/top.c b/top/top.c index 18f2a3b1..91493bc1 100644 --- a/top/top.c +++ b/top/top.c @@ -2990,8 +2990,8 @@ static void inspection_utility (int pid) { Inspect.tab[sel].caps = "~4"; dst[0] = '\0'; \ for (i = 0; i < Inspect.total; i++) { char _s[SMLBUFSIZ]; \ snprintf(_s, sizeof(_s), " %s %s", Inspect.tab[i].name, Inspect.tab[i].caps); \ - strcat(dst, _s); } } - char sels[MEDBUFSIZ]; + strncat(dst, _s, (sizeof(dst) - 1) - strlen(dst)); } } + char sels[SCREENMAX]; static int sel; int i, key; struct pids_stack *p; -- 2.40.0