top: restore configuration file backward compatibility

The Debian bug referenced below has nothing to do with
locales. In fact, top was made locale independent back
in release 3.3.13 (April, 2018). However, that bug did
reveal some misplaced logic which this patch corrects.

Prompted by the Qualys audit, all rcfile field strings
were checked for potential duplicates which could only
have resulted from some user's manual/malicious edits.

Unfortunately, that code was executed before top had a
chance to enforce the proper/maximum string length (in
the event an extremely old rcfile had just been read).
This created some potential string overrun references.

In top's original 3.3.15 implementation, the potential
overrun extended for 15 characters. That is the number
of field characters added with 3.3.9 (December, 2013).
But, since strchr() was used, no error exit was taken.

In the revised 3.3.16 implementation, the strchr() was
replaced with '&w->rc.fieldscur[n]'. This held overrun
to a single position while producing an error message.

So, this commit just moves that logic to a point where
fieldscur is guaranteed to be longer than EU_MAXPFLGS.

Reference(s):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951335
. revised 3.3.16 validation logic
commit 291d98ee50
. original 3.3.15 validation logic
commit fdb58974e2

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Jim Warner 2020-02-15 00:00:00 -06:00 committed by Craig Small
parent ed34b1228e
commit 5cd29e5093
2 changed files with 6 additions and 5 deletions

1
NEWS
View File

@ -1,6 +1,7 @@
procps-ng NEXT procps-ng NEXT
-------------- --------------
* pgrep: Check sanity of SG_ARG_MAX issue #152 * pgrep: Check sanity of SG_ARG_MAX issue #152
* top: ensure config file backward compatibility Debian #951335
procps-ng-3.3.16 procps-ng-3.3.16
---------------- ----------------

View File

@ -3939,11 +3939,6 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
// too bad fscanf is not as flexible with his format string as snprintf // too bad fscanf is not as flexible with his format string as snprintf
#error Hey, fix the above fscanf 'PFLAGSSIZ' dependency ! #error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
#endif #endif
// ensure there's been no manual alteration of fieldscur
for (n = 0 ; n < EU_MAXPFLGS; n++) {
if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
return p;
}
// be tolerant of missing release 3.3.10 graph modes additions // be tolerant of missing release 3.3.10 graph modes additions
if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n" if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n"
, &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems)) , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems))
@ -3989,6 +3984,11 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
return p; return p;
break; break;
} }
// ensure there's been no manual alteration of fieldscur
for (n = 0 ; n < EU_MAXPFLGS; n++) {
if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n]))
return p;
}
#ifndef USE_X_COLHDR #ifndef USE_X_COLHDR
OFFw(w, NOHIFND_xxx | NOHISEL_xxx); OFFw(w, NOHIFND_xxx | NOHISEL_xxx);
#endif #endif