ps/output.c: Replace strcpy() with snprintf() in show_one_proc().

This strcpy() should normally not overflow outbuf, but names can be
overridden (via -o). Also, check "amount" in all cases.
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 97408d8b10
commit 1d9ddb615a


@ -2043,7 +2043,10 @@ void show_one_proc(const proc_t *restrict const p, const format_node *restrict f
/* prepare data and calculate leftpad */
if(likely(p) && likely(fmt->pr)) amount = (*fmt->pr)(outbuf,p);
else amount = strlen(strcpy(outbuf, fmt->name)); /* AIX or headers */
else amount = snprintf(outbuf, OUTBUF_SIZE, "%s", fmt->name); /* AIX or headers */
if(amount < 0) outbuf[amount = 0] = '\0';
else if(amount >= OUTBUF_SIZE) outbuf[amount = OUTBUF_SIZE-1] = '\0';
switch((fmt->flags) & CF_JUST_MASK){
case 0: /* for AIX, assigned outside this file */