47 lines
1.8 KiB
Diff
47 lines
1.8 KiB
Diff
From a42742b0df64a3b282eac469447e9f57d416449e Mon Sep 17 00:00:00 2001
|
|
From: Jim Warner <james.warner@comcast.net>
|
|
Date: Wed, 23 May 2018 00:00:00 -0500
|
|
Subject: [PATCH 03/65] top: add another field sanity check in 'config_file()'
|
|
|
|
Until the Qualys security audit I had never considered
|
|
it a possibility that some malicious person might edit
|
|
the top config file to achieve some nefarious results.
|
|
|
|
And while the Qualys approach tended to concentrate on
|
|
the symptoms from such an effort, subsequent revisions
|
|
more properly concentrated on startup and that rcfile.
|
|
|
|
This commit completes those efforts with 1 more field.
|
|
|
|
Signed-off-by: Jim Warner <james.warner@comcast.net>
|
|
---
|
|
top/top.c | 5 +++--
|
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/top/top.c b/top/top.c
|
|
index d890140..0c02201 100644
|
|
--- a/top/top.c
|
|
+++ b/top/top.c
|
|
@@ -3759,8 +3759,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
|
|
return p;
|
|
|
|
if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
|
|
- , &w->rc.summclr, &w->rc.msgsclr
|
|
- , &w->rc.headclr, &w->rc.taskclr))
|
|
+ , &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))
|
|
return p;
|
|
if (w->rc.summclr < 0 || w->rc.summclr > 7) return p;
|
|
if (w->rc.msgsclr < 0 || w->rc.msgsclr > 7) return p;
|
|
@@ -3804,6 +3803,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
|
|
Rc.summ_mscale = 0;
|
|
if (Rc.task_mscale < 0 || Rc.task_mscale > SK_Pb)
|
|
Rc.task_mscale = 0;
|
|
+ if (Rc.zero_suppress < 0 || Rc.zero_suppress > 1)
|
|
+ Rc.zero_suppress = 0;
|
|
|
|
// we'll start off Inspect stuff with 1 'potential' blank line
|
|
// ( only realized if we end up with Inspect.total > 0 )
|
|
--
|
|
2.6.4.windows.1
|
|
|