Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
procps
CVE-2018-1122.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-1122.patch of Package procps
--- top/top.1 | 4 ++-- top/top.c | 23 +++++++++++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) --- top/top.1 +++ top/top.1 2018-06-05 13:16:16.375193796 +0000 @@ -2000,8 +2000,8 @@ Here is the general layout: " # discussed below .fi -If the $HOME variable is not present, \*(We will try to write the -personal \*(CF to the current directory, subject to permissions. +If a valid absolute path to the rcfile cannot be established, customizations +made to a running \*(We will be impossible to preserve. .\" ...................................................................... .SS 6c. ADDING INSPECT Entries --- top/top.c +++ top/top.c 2018-06-05 13:30:24.103901774 +0000 @@ -1679,6 +1679,9 @@ end_justifies: // for calibrate_fields and summary_show 1st pass #define L_DEFAULT PROC_FILLSTAT +#define UNSAFE_SORTINDX(indx, size) \ + ((indx) < 0 || (size_t)(indx) >= (size)) + /* These are our gosh darn 'Fields' ! They MUST be kept in sync with pflags !! */ static FLD_t Fieldstab[] = { @@ -1874,6 +1877,8 @@ static void build_headers (void) { do { if (VIZISw(w)) { + if (UNSAFE_SORTINDX(w->rc.sortindx, sizeof(Fieldstab) / sizeof(Fieldstab[0]))) + w->rc.sortindx = EU_PID; memset((s = w->columnhdr), 0, sizeof(w->columnhdr)); if (Rc.mode_altscr) s = scat(s, fmtmk("%d", w->winnum)); for (i = 0; i < w->maxpflgs; i++) { @@ -2143,7 +2148,8 @@ static void fields_utility (void) { #endif #define swapEM { char c; unSCRL; c = w->rc.fieldscur[i]; \ w->rc.fieldscur[i] = *p; *p = c; p = &w->rc.fieldscur[i]; } - #define spewFI { char *t; f = w->rc.sortindx; t = strchr(w->rc.fieldscur, f + FLD_OFFSET); \ + #define spewFI { char *t; if (UNSAFE_SORTINDX(w->rc.sortindx, EU_MAXPFLGS)) w->rc.sortindx = EU_PID; \ + f = w->rc.sortindx; t = strchr(w->rc.fieldscur, f + FLD_OFFSET); \ if (!t) t = strchr(w->rc.fieldscur, (f + FLD_OFFSET) | 0x80); \ i = (t) ? (int)(t - w->rc.fieldscur) : 0; } WIN_t *w = Curwin; // avoid gcc bloat with a local copy @@ -3424,6 +3430,8 @@ static int config_cvt (WIN_t *q) { strcpy(q->rc.fieldscur, fields_dst); // lastly, we must adjust the old sort field enum... + if (UNSAFE_SORTINDX(q->rc.sortindx, sizeof(fields_src) / sizeof(fields_src[0]))) + return 1; x = q->rc.sortindx; q->rc.sortindx = fields_src[x] - FLD_OFFSET; @@ -3452,8 +3460,15 @@ static void configs_read (void) { FILE *fp; int i; + Rc_name[0] = '\0'; // "fopen() shall fail if pathname is an empty string." p = getenv("HOME"); - snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", (p && *p) ? p : ".", Myname); + if (!p || p[0] != '/') { + const struct passwd *const pwd = getpwuid(getuid()); + if (!pwd || !(p = pwd->pw_dir) || p[0] != '/') + p = NULL; + } + if (p) + snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p, Myname); fp = fopen(SYS_RCFILESPEC, "r"); if (fp) { @@ -3498,6 +3513,8 @@ static void configs_read (void) { if (3 != fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d\n" , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks)) goto default_or_error; + if (UNSAFE_SORTINDX(w->rc.sortindx, sizeof(Fieldstab) / sizeof(Fieldstab[0]))) + return p; if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n" , &w->rc.summclr, &w->rc.msgsclr , &w->rc.headclr, &w->rc.taskclr)) @@ -5485,6 +5502,8 @@ static int window_show (WIN_t *q, int wm else Frame_srtflg = -1; Frame_ctimes = CHKw(q, Show_CTIMES); // this & next, only maybe Frame_cmdlin = CHKw(q, Show_CMDLIN); + if (UNSAFE_SORTINDX(q->rc.sortindx, sizeof(Fieldstab) / sizeof(Fieldstab[0]))) + q->rc.sortindx = EU_PID; qsort(q->ppt, Frame_maxtask, sizeof(proc_t*), Fieldstab[q->rc.sortindx].sort); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
