From 6f7d610621ec3841a73230270b0ddbfe0e3a5d16 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0061-ps/output.c: Always null-terminate outbuf in
 show_one_proc().

Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.

---------------------------- adapted for newlib branch
. adapted via 'patch' without rejections

Signed-off-by: Jim Warner <james.warner@comcast.net>
---
 ps/output.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ps/output.c b/ps/output.c
index ba929486..07b1c0d5 100644
--- a/ps/output.c
+++ b/ps/output.c
@@ -2027,6 +2027,7 @@ void show_one_proc(const proc_t *restrict const p, const format_node *restrict f
     if(space>SPACE_AMOUNT) space=SPACE_AMOUNT;  // only so much available
 
     /* real size -- don't forget in 'amount' is number of cells */
+    outbuf[OUTBUF_SIZE-1] = '\0';
     sz = strlen(outbuf);
 
     /* print data, set x position stuff */