emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

0054-ps/output.c: Fix outbuf overflows in pr_args() etc.

Browse Source 
Because there is usually less than OUTBUF_SIZE available at endp.

---------------------------- adapted for newlib branch
. logic is quite different with 'stacks' vs. 'proc_t'
. ps no longer deals with the library 'FILL...' flags

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 43c4d553e6
commit 67c1ec4685
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ps/output.c
View File

@ -274,6 +274,9 @@ Modifications to the arguments are not shown.
// FIXME: some of these may hit the guard page in forest mode
#define OUTBUF_SIZE_AT(endp) \
(((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + OUTBUF_SIZE) - (endp) : 0)
/*
* "args", "cmd", "command" are all the same: long unless c
* "comm", "ucmd", "ucomm" are all the same: short unless -f
@ -287,13 +290,13 @@ setREL2(CMDLINE,ENVIRON)
fh = forest_helper(outbuf);
endp += fh;
rightward -= fh;
endp += escaped_copy(endp, rSv(CMDLINE, str, pp), OUTBUF_SIZE, &rightward);
endp += escaped_copy(endp, rSv(CMDLINE, str, pp), OUTBUF_SIZE_AT(endp), &rightward);
if(bsd_e_option && rightward>1) {
char *e = rSv(ENVIRON, str, pp);
if(*e != '-' || *(e+1) != '\0') {
*endp++ = ' ';
rightward--;
escaped_copy(endp, e, OUTBUF_SIZE, &rightward);
escaped_copy(endp, e, OUTBUF_SIZE_AT(endp), &rightward);
}
}
return max_rightward-rightward;
@ -313,15 +316,15 @@ setREL3(CMD,CMDLINE,ENVIRON)
endp += fh;
rightward -= fh;
if(unix_f_option)
endp += escaped_copy(endp, rSv(CMDLINE, str, pp), OUTBUF_SIZE, &rightward);
endp += escaped_copy(endp, rSv(CMDLINE, str, pp), OUTBUF_SIZE_AT(endp), &rightward);
else
endp += escaped_copy(endp, rSv(CMD, str, pp), OUTBUF_SIZE, &rightward);
endp += escaped_copy(endp, rSv(CMD, str, pp), OUTBUF_SIZE_AT(endp), &rightward);
if(bsd_e_option && rightward>1) {
char *e = rSv(ENVIRON, str, pp);
if(*e != '-' || *(e+1) != '\0') {
*endp++ = ' ';
rightward--;
escaped_copy(endp, e, OUTBUF_SIZE, &rightward);
escaped_copy(endp, e, OUTBUF_SIZE_AT(endp), &rightward);
}
}
return max_rightward-rightward;
@ -355,11 +358,13 @@ setREL1(CMD)
rightward -= fh;
if (rightward>8) /* 8=default, but forest maybe feeds more */
rightward = 8;
endp += escape_str(endp, rSv(CMD, str, pp), OUTBUF_SIZE, &rightward);
endp += escape_str(endp, rSv(CMD, str, pp), OUTBUF_SIZE_AT(endp), &rightward);
//return endp - outbuf;
return max_rightward-rightward;
}
#undef OUTBUF_SIZE_AT
/* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */
static int pr_etime(char *restrict const outbuf, const proc_t *restrict const pp){
unsigned long t;