emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

w: Clamp maxcmd to the MIN/MAX_CMD_WIDTH range.

Browse Source 
The current checks allow out-of-range values (for example, if
getenv/atoi returns ~-2GB, maxcmd becomes ~+2GB after the subtraction).
This is not a security problem, none of this is under an attacker's
control.
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 3a437012f0
commit 2503ec3630
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
w.c
View File

@ -579,11 +579,14 @@ int main(int argc, char **argv)
maxcmd = atoi(p); maxcmd = atoi(p);
else else
maxcmd = MAX_CMD_WIDTH; maxcmd = MAX_CMD_WIDTH;
if (MAX_CMD_WIDTH < maxcmd) #define CLAMP_CMD_WIDTH(cw) do { \
maxcmd = MAX_CMD_WIDTH; if ((cw) < MIN_CMD_WIDTH) (cw) = MIN_CMD_WIDTH; \
if ((cw) > MAX_CMD_WIDTH) (cw) = MAX_CMD_WIDTH; \
} while (0)
CLAMP_CMD_WIDTH(maxcmd);
maxcmd -= 21 + userlen + (from ? fromlen : 0) + (longform ? 20 : 0); maxcmd -= 21 + userlen + (from ? fromlen : 0) + (longform ? 20 : 0);
if (maxcmd < MIN_CMD_WIDTH) CLAMP_CMD_WIDTH(maxcmd);
maxcmd = MIN_CMD_WIDTH; #undef CLAMP_CMD_WIDTH
procs = readproctab(PROC_FILLCOM | PROC_FILLUSR | PROC_FILLSTAT); procs = readproctab(PROC_FILLCOM | PROC_FILLUSR | PROC_FILLSTAT);