0015-tload: Prevent integer overflows of ncols, nrows, and scr_size.

Also, use xerrx() instead of xerr() since errno is not set.
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 44d5a5689c
commit cd8499f5f0


@ -42,6 +42,7 @@
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <termios.h> #include <termios.h>
#include <unistd.h> #include <unistd.h>
#include <limits.h>
static char *screen; static char *screen;
@ -69,9 +70,13 @@ static void setsize(int i)
if (win.ws_row > 0) if (win.ws_row > 0)
nrows = win.ws_row; nrows = win.ws_row;
} }
if (ncols < 2 || ncols >= INT_MAX)
xerrx(EXIT_FAILURE, _("screen too small or too large"));
if (nrows < 2 || nrows >= INT_MAX / ncols)
xerrx(EXIT_FAILURE, _("screen too small or too large"));
scr_size = nrows * ncols; scr_size = nrows * ncols;
if (scr_size < 2) if (scr_size < 2)
xerr(EXIT_FAILURE, _("screen too small")); xerrx(EXIT_FAILURE, _("screen too small"));
if (screen == NULL) if (screen == NULL)
screen = (char *)xmalloc(scr_size); screen = (char *)xmalloc(scr_size);
else else
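Review bot: The `if (scr_size < 2)` test that follows the two new guards can no longer fire: once `ncols >= 2` and `nrows >= 2` have passed, the product is at least 4, and the `nrows >= INT_MAX / ncols` bound keeps it below INT_MAX (assuming all three variables are `int`; their declarations are outside the hunk). Either drop the test or mark it as a deliberate backstop, e.g. `/* unreachable after the ncols/nrows checks; kept as a backstop */`. The two new checks also print the same message, so a user cannot tell whether the column or the row count was rejected; naming the dimension in each message would help. setsize() starts before and continues past this hunk, and its `int` parameter suggests it may be installed as a signal handler; if so, xerrx() and xmalloc() on this path are not async-signal-safe, which is worth confirming.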