File CVE-2018-1123.patch of Package procps.30263

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-1123.patch of Package procps.30263

---
 ps/output.c |   23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

--- ps/output.c
+++ ps/output.c	2018-06-05 12:58:20.010609613 +0000
@@ -385,6 +385,9 @@ Modifications to the arguments are not s
 
 // FIXME: some of these may hit the guard page in forest mode
 
+#define OUTBUF_SIZE_AT(endp) \
+  (((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + OUTBUF_SIZE) - (endp) : 0)
+
 /*
  * "args", "cmd", "command" are all the same:  long  unless  c
  * "comm", "ucmd", "ucomm"  are all the same:  short unless -f
@@ -398,15 +401,15 @@ static int pr_args(char *restrict const
   rightward -= fh;
 
   if(pp->cmdline && !bsd_c_option)
-    endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, &rightward);
+    endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), &rightward);
   else
-    endp += escape_command(endp, pp, OUTBUF_SIZE, &rightward, ESC_DEFUNCT);
+    endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), &rightward, ESC_DEFUNCT);
 
-  if(bsd_e_option && rightward>1) {
+  if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) {
     if(pp->environ && *pp->environ) {
       *endp++ = ' ';
       rightward--;
-      endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, &rightward);
+      endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), &rightward);
     }
   }
   return max_rightward-rightward;
@@ -425,15 +428,15 @@ static int pr_comm(char *restrict const
   rightward -= fh;
 
   if(pp->cmdline && unix_f_option)
-    endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, &rightward);
+    endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), &rightward);
   else
-    endp += escape_command(endp, pp, OUTBUF_SIZE, &rightward, ESC_DEFUNCT);
+    endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), &rightward, ESC_DEFUNCT);
 
-  if(bsd_e_option && rightward>1) {
+  if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) {
     if(pp->environ && *pp->environ) {
       *endp++ = ' ';
       rightward--;
-      endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, &rightward);
+      endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), &rightward);
     }
   }
   return max_rightward-rightward;
@@ -458,11 +461,13 @@ static int pr_fname(char *restrict const
   if (rightward>8)  /* 8=default, but forest maybe feeds more */
     rightward = 8;
 
-  endp += escape_str(endp, pp->cmd, OUTBUF_SIZE, &rightward);
+  endp += escape_str(endp, pp->cmd, OUTBUF_SIZE_AT(endp), &rightward);
   //return endp - outbuf;
   return max_rightward-rightward;
 }
 
+#undef OUTBUF_SIZE_AT
+
 /* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */
 static int pr_etime(char *restrict const outbuf, const proc_t *restrict const pp){
   unsigned long t;

Places

File CVE-2018-1123.patch of Package procps.30263

Places