procps-ng/top-add-another-field-sanity-check-in-config_file.patch

From a42742b0df64a3b282eac469447e9f57d416449e Mon Sep 17 00:00:00 2001
From: Jim Warner <james.warner@comcast.net>
Date: Wed, 23 May 2018 00:00:00 -0500
Subject: [PATCH 03/65] top: add another field sanity check in 'config_file()'

Until the Qualys security audit I had never considered
it a possibility that some malicious person might edit
the top config file to achieve some nefarious results.

And while the Qualys approach tended to concentrate on
the symptoms from such an effort, subsequent revisions
more properly concentrated on startup and that rcfile.

This commit completes those efforts with 1 more field.

Signed-off-by: Jim Warner <james.warner@comcast.net>
---
 top/top.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/top/top.c b/top/top.c
index d890140..0c02201 100644
--- a/top/top.c
+++ b/top/top.c
@@ -3759,8 +3759,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
          return p;
 
       if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
-         , &w->rc.summclr, &w->rc.msgsclr
-         , &w->rc.headclr, &w->rc.taskclr))
+         , &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))
             return p;
       if (w->rc.summclr < 0 || w->rc.summclr > 7) return p;
       if (w->rc.msgsclr < 0 || w->rc.msgsclr > 7) return p;
@@ -3804,6 +3803,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
       Rc.summ_mscale = 0;
    if (Rc.task_mscale < 0   || Rc.task_mscale > SK_Pb)
       Rc.task_mscale = 0;
+   if (Rc.zero_suppress < 0 || Rc.zero_suppress > 1)
+      Rc.zero_suppress = 0;
 
    // we'll start off Inspect stuff with 1 'potential' blank line
    // ( only realized if we end up with Inspect.total > 0 )
-- 
2.6.4.windows.1
Package init 2019-12-25 17:13:31 +08:00			`From a42742b0df64a3b282eac469447e9f57d416449e Mon Sep 17 00:00:00 2001`
			`From: Jim Warner <james.warner@comcast.net>`
			`Date: Wed, 23 May 2018 00:00:00 -0500`
			`Subject: [PATCH 03/65] top: add another field sanity check in 'config_file()'`

			`Until the Qualys security audit I had never considered`
			`it a possibility that some malicious person might edit`
			`the top config file to achieve some nefarious results.`

			`And while the Qualys approach tended to concentrate on`
			`the symptoms from such an effort, subsequent revisions`
			`more properly concentrated on startup and that rcfile.`

			`This commit completes those efforts with 1 more field.`

			`Signed-off-by: Jim Warner <james.warner@comcast.net>`
			`---`
			`top/top.c \| 5 +++--`
			`1 file changed, 3 insertions(+), 2 deletions(-)`

			`diff --git a/top/top.c b/top/top.c`
			`index d890140..0c02201 100644`
			`--- a/top/top.c`
			`+++ b/top/top.c`
			`@@ -3759,8 +3759,7 @@ static const char config_file (FILE fp, const char name, float delay) {`
			`return p;`

			`if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"`
			`- , &w->rc.summclr, &w->rc.msgsclr`
			`- , &w->rc.headclr, &w->rc.taskclr))`
			`+ , &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))`
			`return p;`
			`if (w->rc.summclr < 0 \|\| w->rc.summclr > 7) return p;`
			`if (w->rc.msgsclr < 0 \|\| w->rc.msgsclr > 7) return p;`
			`@@ -3804,6 +3803,8 @@ static const char config_file (FILE fp, const char name, float delay) {`
			`Rc.summ_mscale = 0;`
			`if (Rc.task_mscale < 0 \|\| Rc.task_mscale > SK_Pb)`
			`Rc.task_mscale = 0;`
			`+ if (Rc.zero_suppress < 0 \|\| Rc.zero_suppress > 1)`
			`+ Rc.zero_suppress = 0;`

			`// we'll start off Inspect stuff with 1 'potential' blank line`
			`// ( only realized if we end up with Inspect.total > 0 )`
			`--`
			`2.6.4.windows.1`