emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

ps/output.c: Fix outbuf overflows in pr_args() etc.

Browse Source 
Because there is usually less than OUTBUF_SIZE available at endp.
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent d31f5eb545
commit 136e372495
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ps/output.c
View File

@ -389,6 +389,9 @@ Modifications to the arguments are not shown.
// FIXME: some of these may hit the guard page in forest mode
#define OUTBUF_SIZE_AT(endp) \
(((endp) >= outbuf && (endp) < outbuf + OUTBUF_SIZE) ? (outbuf + OUTBUF_SIZE) - (endp) : 0)
/*
* "args", "cmd", "command" are all the same: long unless c
* "comm", "ucmd", "ucomm" are all the same: short unless -f
@ -402,15 +405,15 @@ static int pr_args(char *restrict const outbuf, const proc_t *restrict const pp)
rightward -= fh;
if(pp->cmdline && !bsd_c_option)
endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, &rightward);
endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), &rightward);
else
endp += escape_command(endp, pp, OUTBUF_SIZE, &rightward, ESC_DEFUNCT);
endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), &rightward, ESC_DEFUNCT);
if(bsd_e_option && rightward>1) {
if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) {
if(pp->environ && *pp->environ) {
*endp++ = ' ';
rightward--;
endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, &rightward);
endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), &rightward);
}
}
return max_rightward-rightward;
@ -429,15 +432,15 @@ static int pr_comm(char *restrict const outbuf, const proc_t *restrict const pp)
rightward -= fh;
if(pp->cmdline && unix_f_option)
endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE, &rightward);
endp += escaped_copy(endp, *pp->cmdline, OUTBUF_SIZE_AT(endp), &rightward);
else
endp += escape_command(endp, pp, OUTBUF_SIZE, &rightward, ESC_DEFUNCT);
endp += escape_command(endp, pp, OUTBUF_SIZE_AT(endp), &rightward, ESC_DEFUNCT);
if(bsd_e_option && rightward>1) {
if(bsd_e_option && rightward>1 && OUTBUF_SIZE_AT(endp)>1) {
if(pp->environ && *pp->environ) {
*endp++ = ' ';
rightward--;
endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE, &rightward);
endp += escape_strlist(endp, pp->environ, OUTBUF_SIZE_AT(endp), &rightward);
}
}
return max_rightward-rightward;
@ -469,11 +472,13 @@ static int pr_fname(char *restrict const outbuf, const proc_t *restrict const pp
if (rightward>8) /* 8=default, but forest maybe feeds more */
rightward = 8;
endp += escape_str(endp, pp->cmd, OUTBUF_SIZE, &rightward);
endp += escape_str(endp, pp->cmd, OUTBUF_SIZE_AT(endp), &rightward);
//return endp - outbuf;
return max_rightward-rightward;
}
#undef OUTBUF_SIZE_AT
/* elapsed wall clock time, [[dd-]hh:]mm:ss format (not same as "time") */
static int pr_etime(char *restrict const outbuf, const proc_t *restrict const pp){
unsigned long t;