From 27e45cf43b93f4a9825ad812969e9193daf39ea8 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/readproc.c: Fix the unhex() function.
This function is unused (SIGNAL_STRING is defined by default, and if it is not, procps does not compile -- for example, there is no "outbuf" in help_pr_sig()) but fix it anyway. There are two bugs: - it accepts non-hexadecimal characters (anything >= 0x30); - "(c - (c>0x57) ? 0x57 : 0x30)" is always equal to 0x57.
---
 proc/readproc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/proc/readproc.c b/proc/readproc.c
index d6bdbc9a..db90a2e9 100644
--- a/proc/readproc.c
+++ b/proc/readproc.c
@@ -78,8 +78,10 @@ static unsigned long long unhex(const char *restrict cp){
 unsigned long long ull = 0;
 for(;;){
 char c = *cp++;
- if(unlikely(c<0x30)) break;
- ull = (ull<<4) | (c - (c>0x57) ? 0x57 : 0x30) ;
+ if(!( (c >= '0' && c <= '9') ||
+ (c >= 'A' && c <= 'F') ||
+ (c >= 'a' && c <= 'f') )) break;
+ ull = (ull<<4) | (c - (c >= 'a' ? 'a'-10 : c >= 'A' ? 'A'-10 : '0'));
 }
 return ull;
 }
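Review bot: The rewritten loop in unhex() still puts no bound on how many digits it consumes, so an input with more than 16 hex digits silently shifts the high-order nibbles out of `ull` and the caller receives a truncated value with no error indication. If the helper is kept, a counter checked before the shift, for example `if(++ndigits > 2*sizeof ull) break;` with `unsigned ndigits = 0;` declared next to `ull`, would make that case explicit. The function also returns 0 both for the string "0" and for input that contains no hex digit at all; a comment above the signature (which sits in the hunk header, outside the changed lines) such as `/* parses leading hex digits only; stops at the first other byte; returns 0 if there are none */` would document that contract. Since the commit message states the function is unused in the default build, removing it may be simpler than hardening it.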