emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

top: add another field sanity check in 'config_file()'

Browse Source 
Until the Qualys security audit I had never considered
it a possibility that some malicious person might edit
the top config file to achieve some nefarious results.

And while the Qualys approach tended to concentrate on
the symptoms from such an effort, subsequent revisions
more properly concentrated on startup and that rcfile.

This commit completes those efforts with 1 more field.

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Jim Warner 2018-06-03 00:00:00 -05:00 committed by Craig Small
parent 8ce5f080a2
commit 59c8c1c86c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
top/top.c
View File

@ -3291,8 +3291,7 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
return p;
if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
, &w->rc.summclr, &w->rc.msgsclr
, &w->rc.headclr, &w->rc.taskclr))
, &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))
return p;
if (w->rc.summclr < 0 || w->rc.summclr > 7) return p;
if (w->rc.msgsclr < 0 || w->rc.msgsclr > 7) return p;
@ -3336,6 +3335,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
Rc.summ_mscale = 0;
if (Rc.task_mscale < 0 || Rc.task_mscale > SK_Pb)
Rc.task_mscale = 0;
if (Rc.zero_suppress < 0 || Rc.zero_suppress > 1)
Rc.zero_suppress = 0;
// we'll start off Inspect stuff with 1 'potential' blank line
// ( only realized if we end up with Inspect.total > 0 )