procps/ps
Qualys Security Advisory f44fe715bd
0048-ps/output.c: Make sure all escape*() arguments are safe.

The SECURE_ESCAPE_ARGS() macro solves several potential problems
(although we found no problematic calls to the escape*() functions in
procps's code-base, but had to thoroughly review every call; and this is
library code):

1/ off-by-one overflows if the size of the destination buffer is 0;

2/ buffer overflows if this size (or "maxroom") is negative;

3/ integer overflows (for example, "*maxcells+1");

4/ always null-terminate the destination buffer (unless its size is 0).

---------------------------- adapted for newlib branch
. formerly applied to proc/escape.c
. function was moved to ps/output.c

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
common.h ps: changed to exploit a newly added UID used at login 2018-02-19 20:33:59 +11:00
COPYING license: update FSF addresses 2012-03-04 08:04:24 +11:00
display.c related: fix inconsistencies in result type references 2016-08-07 21:40:48 +10:00
global.c ps: changed to exploit a newly added UID used at login 2018-02-19 20:33:59 +11:00
HACKING docs: remove old information from HACKING 2012-01-13 22:42:38 +01:00
help.c library: cleanup of library includes 2016-04-16 17:03:57 +10:00
output.c 0048-ps/output.c: Make sure all escape*() arguments are safe. 2018-06-09 21:45:38 +10:00
parser.c misc: eliminate all those remaining gcc -Wall warnings 2017-05-22 21:38:10 +10:00
ps.1 ps: add times & cputimes format specifiers: cumulative CPU time in seconds 2018-03-02 22:19:40 +11:00
regression procps 010114 2002-02-01 22:47:29 +00:00
select.c ps: exploit those new <pids> task/threads capabilities 2015-10-05 21:52:08 +11:00
sortformat.c related: change for lost 'PROCPS_' enumerator prefixes 2016-07-26 20:49:44 +10:00
stacktrace.c misc: just eliminate several 'unused' warning messages 2016-07-26 07:59:48 +10:00