top: restore configuration file backward compatibility
The Debian bug referenced below has nothing to do with locales. In fact, top was made locale independent back in release 3.3.13 (April, 2018). However, that bug did reveal some misplaced logic which this patch corrects. Prompted by the Qualys audit, all rcfile field strings were checked for potential duplicates which could only have resulted from some user's manual/malicious edits. Unfortunately, that code was executed before top had a chance to enforce the proper/maximum string length (in the event an extremely old rcfile had just been read). This created some potential string overrun references. In top's original 3.3.15 implementation, the potential overrun extended for 15 characters. That is the number of field characters added with 3.3.9 (December, 2013). But, since strchr() was used, no error exit was taken. In the revised 3.3.16 implementation, the strchr() was replaced with '&w->rc.fieldscur[n]'. This held overrun to a single position while producing an error message. So, this commit just moves that logic to a point where fieldscur is guaranteed to be longer than EU_MAXPFLGS. Reference(s): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951335 . revised 3.3.16 validation logic commit291d98ee50
. original 3.3.15 validation logic commitfdb58974e2
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
parent
ed34b1228e
commit
5cd29e5093
1
NEWS
1
NEWS
@ -1,6 +1,7 @@
|
|||||||
procps-ng NEXT
|
procps-ng NEXT
|
||||||
--------------
|
--------------
|
||||||
* pgrep: Check sanity of SG_ARG_MAX issue #152
|
* pgrep: Check sanity of SG_ARG_MAX issue #152
|
||||||
|
* top: ensure config file backward compatibility Debian #951335
|
||||||
|
|
||||||
procps-ng-3.3.16
|
procps-ng-3.3.16
|
||||||
----------------
|
----------------
|
||||||
|
10
top/top.c
10
top/top.c
@ -3939,11 +3939,6 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
|
|||||||
// too bad fscanf is not as flexible with his format string as snprintf
|
// too bad fscanf is not as flexible with his format string as snprintf
|
||||||
#error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
|
#error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
|
||||||
#endif
|
#endif
|
||||||
// ensure there's been no manual alteration of fieldscur
|
|
||||||
for (n = 0 ; n < EU_MAXPFLGS; n++) {
|
|
||||||
if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
|
|
||||||
return p;
|
|
||||||
}
|
|
||||||
// be tolerant of missing release 3.3.10 graph modes additions
|
// be tolerant of missing release 3.3.10 graph modes additions
|
||||||
if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
|
if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
|
||||||
, &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
|
, &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
|
||||||
@ -3989,6 +3984,11 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
|
|||||||
return p;
|
return p;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
// ensure there's been no manual alteration of fieldscur
|
||||||
|
for (n = 0 ; n < EU_MAXPFLGS; n++) {
|
||||||
|
if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
|
||||||
|
return p;
|
||||||
|
}
|
||||||
#ifndef USE_X_COLHDR
|
#ifndef USE_X_COLHDR
|
||||||
OFFw(w, NOHIFND_xxx | NOHISEL_xxx);
|
OFFw(w, NOHIFND_xxx | NOHISEL_xxx);
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user