From fdb58974e24c025a1f866f324c62f1d8f96234f8 Mon Sep 17 00:00:00 2001
From: Jim Warner
Date: Fri, 18 May 2018 00:00:00 -0500
Subject: [PATCH] top: prevent buffer overflow potential in all routines

Whereas that original patch (since reversed) addressed some symptoms related to manually edited config files, this solution deals with root causes. And it goes much beyond any single top field by protecting all of top's fields. Henceforth, a duplicated field is not allowed.

Reference(s): . original qualys patch 0114-top-Prevent-buffer-overflow-in-calibrate_fields.patch commit c424a643318abfb534a692bd86c6a5e411ed2ebb

Signed-off-by: Jim Warner
---
 top/top.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/top/top.c b/top/top.c
index 80040f00..5088a8d6 100644
--- a/top/top.c
+++ b/top/top.c
@@ -3715,7 +3715,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
 *delay = (float)tmp_whole + (float)tmp_fract / 1000;
 for (i = 0 ; i < GROUPSMAX; i++) {
- int x;
+ int n, x;
 WIN_t *w = &Winstk[i];
 p = fmtmk(N_fmt(RC_bad_entry_fmt), i+1, name);
@@ -3727,6 +3727,11 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
 too bad fscanf is not as flexible with his format string as snprintf
 error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
 #endif
+ // ensure there's been no manual alteration of fieldscur
+ for (n = 0 ; n < EU_MAXPFLGS; n++) {
+ if (strchr(w->rc.fieldscur, w->rc.fieldscur[n]) != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
+ return p;
+ }
 // be tolerant of missing release 3.3.10 graph modes additions
 if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
 , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
-- 
2.40.0
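Review bot: The duplicate scan added in the second hunk indexes `w->rc.fieldscur[n]` for every n below `EU_MAXPFLGS`, regardless of how long the string read from the config file actually is. A hand-edited entry shorter than that passes the check, because `strchr` and `strrchr` both stop at the terminator, and the loop then reads the bytes that lie behind the NUL. Whether those bytes are initialised, and whether the length is validated elsewhere, cannot be seen here, since config_file's body starts and ends outside the hunk. I would bound the loop by the terminator, `for (n = 0 ; n < EU_MAXPFLGS && w->rc.fieldscur[n]; n++)`, and reject a wrong-length string explicitly before it. The check also covers duplicates only; if out-of-range field characters are filtered somewhere else, a short comment naming that place would help, e.g. `// duplicates only; range of each field char is checked in <routine>`.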