From bf12b14db9f35a0cf24459bfb5b59ce541de802d Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/sig.c: Harden print_given_signals(). And signal_name_to_number().
---
 proc/sig.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/proc/sig.c b/proc/sig.c
index 0885ff9d..da40038e 100644
--- a/proc/sig.c
+++ b/proc/sig.c
@@ -177,7 +177,7 @@ int signal_name_to_number(const char *restrict name){
 val = strtol(name,&endp,10);
 if(*endp || endp==name) return -1; /* not valid */
 }
- if(val+SIGRTMIN>127) return -1; /* not valid */
+ if(val<0 || val+SIGRTMIN>127) return -1; /* not valid */
 return val+offset;
 }
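Review bot: The new guard still computes `val+SIGRTMIN` before comparing, so if `val` is a `long` holding strtol()'s saturated result (LONG_MAX when the digits overflow) the addition is a signed overflow, which is undefined behaviour and may let the compiler drop the check. Keeping the arithmetic on the constant side avoids it: `if(val<0 || val>127-SIGRTMIN) return -1; /* not valid */`. The declaration of `val` and the start of signal_name_to_number() lie outside the hunk, so the type is inferred from the strtol() assignment shown in the context lines.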
@@ -195,33 +195,36 @@ const char *signal_number_to_name(int signo){
 }
 int print_given_signals(int argc, const char *restrict const *restrict argv, int max_line){
- char buf[1280]; /* 128 signals, "RTMIN+xx" is largest */
+ char tmpbuf[16];
+ char buf[128 * sizeof tmpbuf]; /* 128 signals, "RTMIN+xx" is largest */
 int ret = 0; /* to be used as exit code by caller */
 int place = 0; /* position on this line */
- int amt;
- if(argc > 128) return 1;
+ if(argc < 0 || argc > 128) return 1;
 while(argc--){
- char tmpbuf[16];
+ int amt = -1;
 const char *restrict const txt = *argv;
 if(*txt >= '0' && *txt <= '9'){
 long val;
 char *endp;
 val = strtol(txt,&endp,10);
- if(*endp){
- fprintf(stderr, "Signal \"%s\" not known.\n", txt);
- ret = 1;
- goto end;
+ if(*endp || endp==txt){
+ amt = -1;
+ }else{
+ amt = snprintf(tmpbuf, sizeof tmpbuf, "%s", signal_number_to_name(val));
 }
- amt = sprintf(tmpbuf, "%s", signal_number_to_name(val));
 }else{
 int sno;
 sno = signal_name_to_number(txt);
 if(sno == -1){
- fprintf(stderr, "Signal \"%s\" not known.\n", txt);
- ret = 1;
- goto end;
+ amt = -1;
+ }else{
+ amt = snprintf(tmpbuf, sizeof tmpbuf, "%d", sno);
 }
- amt = sprintf(tmpbuf, "%d", sno);
+ }
+ if(amt <= 0 || (size_t)amt >= sizeof tmpbuf){
+ fprintf(stderr, "Signal \"%s\" not known.\n", txt);
+ ret = 1;
+ goto end;
 }
 if(!place){
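Review bot: In the numeric branch the `long val` from strtol() is passed straight to signal_number_to_name(int signo), so where long is wider than int an oversized number is narrowed at the call and may be reported as some valid signal instead of being rejected. The added `endp==txt` test cannot fire here because `*txt` is already known to be a digit, and the snprintf() length check only bounds the output, not the input value. Rejecting out-of-range values before the call would close this, for example `if(*endp || endp==txt || val > 127){`, using the same 127 limit that signal_name_to_number() applies, or whatever upper bound signal_number_to_name() actually supports. The rest of print_given_signals(), including the code that copies `tmpbuf` into `buf`, is outside the hunk.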