0048-ps/output.c: Make sure all escape*() arguments are safe.

The SECURE_ESCAPE_ARGS() macro solves several potential problems
(although we found no problematic calls to the escape*() functions in
procps's code-base, we had to thoroughly review every call; and this is
library code):

1/ off-by-one overflows if the size of the destination buffer is 0;

2/ buffer overflows if this size (or "maxroom") is negative;

3/ integer overflows (for example, "*maxcells+1");

4/ always null-terminate the destination buffer (unless its size is 0).

---------------------------- adapted for newlib branch
. formerly applied to proc/escape.c
. function was moved to ps/output.c

Signed-off-by: Jim Warner <james.warner@comcast.net>
Qualys Security Advisory - committed by Craig Small
parent f0b245c794
commit f44fe715bd


@ -110,9 +110,19 @@ static void get_memory_total()
procps_meminfo_unref(&mem_info);
}
#define SECURE_ESCAPE_ARGS(dst, bytes, cells) do { \
if ((bytes) <= 0) return 0; \
*(dst) = '\0'; \
if ((bytes) >= INT_MAX) return 0; \
if ((cells) >= INT_MAX) return 0; \
if ((cells) <= 0) return 0; \
} while (0)
// copy an already 'escaped' string,
static int escaped_copy(char *restrict dst, const char *restrict src, int bufsize, int *maxroom){
int n;
SECURE_ESCAPE_ARGS(dst, bufsize, *maxroom);
if (bufsize > *maxroom+1)
bufsize = *maxroom+1;
n = snprintf(dst, bufsize, "%s", src);
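Review bot: the macro hides a `return 0` from the enclosing function, so it is only usable in callers that return int and treat 0 as "nothing written"; a short comment above `#define SECURE_ESCAPE_ARGS` stating that contract, and that `bytes` and `cells` are each evaluated more than once (so callers must pass side-effect-free expressions such as `*maxroom`), would prevent misuse when the macro is picked up by another caller. The ordering is worth a comment as well: `*(dst) = '\0'` runs only after the `(bytes) <= 0` check, so a zero-size destination is never written (point 4 of the commit message), and the `(cells) >= INT_MAX` rejection is what makes the later `if (bufsize > *maxroom+1)` safe from signed overflow (point 3). INT_MAX requires `<limits.h>`; the hunk does not add the include, so confirm ps/output.c already has it.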