packages/procps-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
procps-ng/backport-0006-top-restore-configuration-file-backward-compatibilit.patch
19909236985 b19dc4842d sync patchs
2020-11-03 14:43:51 +08:00

78 lines
3.0 KiB
Diff
Raw Blame History

From 5cd29e5093efa3c6ee9c5310b64347f1d54b707d Mon Sep 17 00:00:00 2001
From: Jim Warner <james.warner@comcast.net>
Date: Sat, 15 Feb 2020 00:00:00 -0600
Subject: [PATCH] top: restore configuration file backward compatibility
The Debian bug referenced below has nothing to do with
locales. In fact, top was made locale independent back
in release 3.3.13 (April, 2018). However, that bug did
reveal some misplaced logic which this patch corrects.
Prompted by the Qualys audit, all rcfile field strings
were checked for potential duplicates which could only
have resulted from some user's manual/malicious edits.
Unfortunately, that code was executed before top had a
chance to enforce the proper/maximum string length (in
the event an extremely old rcfile had just been read).
This created some potential string overrun references.
In top's original 3.3.15 implementation, the potential
overrun extended for 15 characters. That is the number
of field characters added with 3.3.9 (December, 2013).
But, since strchr() was used, no error exit was taken.
In the revised 3.3.16 implementation, the strchr() was
replaced with '&w->rc.fieldscur[n]'. This held overrun
to a single position while producing an error message.
So, this commit just moves that logic to a point where
fieldscur is guaranteed to be longer than EU_MAXPFLGS.
Reference(s):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951335
. revised 3.3.16 validation logic
commit 291d98ee5036567f93d21bc11142b0a7e2ee70ae
. original 3.3.15 validation logic
commit fdb58974e24c025a1f866f324c62f1d8f96234f8
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch has been modified to fit euler os
Signed-off-by: chenmingmin <chenmingmin@huawei.com>
---
top/top.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/top/top.c b/top/top.c
index 63ec5fe..b4fe21e 100644
--- a/top/top.c
+++ b/top/top.c
@@ -3939,11 +3939,6 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
// too bad fscanf is not as flexible with his format string as snprintf
#error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
#endif
- // ensure there's been no manual alteration of fieldscur
- for (n = 0 ; n < EU_MAXPFLGS; n++) {
- if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
- return p;
- }
// be tolerant of missing release 3.3.10 graph modes additions
if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
, &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
@@ -3989,6 +3984,11 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
return p;
break;
}
+ // ensure there's been no manual alteration of fieldscur
+ for (n = 0 ; n < EU_MAXPFLGS; n++) {
+ if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
+ return p;
+ }
#ifndef USE_X_COLHDR
OFFw(w, NOHIFND_xxx | NOHISEL_xxx);
#endif
--
2.22.0.windows.1
Reference in New Issue View Git Blame Copy Permalink