diff options
Diffstat (limited to 'sys-process/procps/files/procps-3.3.16-toprc_backwards_compatibility.patch')
-rw-r--r-- | sys-process/procps/files/procps-3.3.16-toprc_backwards_compatibility.patch | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/sys-process/procps/files/procps-3.3.16-toprc_backwards_compatibility.patch b/sys-process/procps/files/procps-3.3.16-toprc_backwards_compatibility.patch deleted file mode 100644 index 19721205dfe7..000000000000 --- a/sys-process/procps/files/procps-3.3.16-toprc_backwards_compatibility.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 5cd29e5093efa3c6ee9c5310b64347f1d54b707d Mon Sep 17 00:00:00 2001 -From: Jim Warner <james.warner@comcast.net> -Date: Sat, 15 Feb 2020 00:00:00 -0600 -Subject: [PATCH] top: restore configuration file backward compatibility - -The Debian bug referenced below has nothing to do with -locales. In fact, top was made locale independent back -in release 3.3.13 (April, 2018). However, that bug did -reveal some misplaced logic which this patch corrects. - -Prompted by the Qualys audit, all rcfile field strings -were checked for potential duplicates which could only -have resulted from some user's manual/malicious edits. - -Unfortunately, that code was executed before top had a -chance to enforce the proper/maximum string length (in -the event an extremely old rcfile had just been read). -This created some potential string overrun references. - -In top's original 3.3.15 implementation, the potential -overrun extended for 15 characters. That is the number -of field characters added with 3.3.9 (December, 2013). -But, since strchr() was used, no error exit was taken. - -In the revised 3.3.16 implementation, the strchr() was -replaced with '&w->rc.fieldscur[n]'. This held overrun -to a single position while producing an error message. - -So, this commit just moves that logic to a point where -fieldscur is guaranteed to be longer than EU_MAXPFLGS. - -Reference(s): -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951335 -. revised 3.3.16 validation logic -commit 291d98ee5036567f93d21bc11142b0a7e2ee70ae -. original 3.3.15 validation logic -commit fdb58974e24c025a1f866f324c62f1d8f96234f8 - -Signed-off-by: Jim Warner <james.warner@comcast.net> ---- -diff --git a/top/top.c b/top/top.c -index 63ec5fe..b4fe21e 100644 ---- a/top/top.c -+++ b/top/top.c -@@ -3939,11 +3939,6 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) { - // too bad fscanf is not as flexible with his format string as snprintf - #error Hey, fix the above fscanf 'PFLAGSSIZ' dependency ! - #endif -- // ensure there's been no manual alteration of fieldscur -- for (n = 0 ; n < EU_MAXPFLGS; n++) { -- if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n])) -- return p; -- } - // be tolerant of missing release 3.3.10 graph modes additions - if (3 > fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d, graph_cpus=%d, graph_mems=%d\n" - , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks, &w->rc.graph_cpus, &w->rc.graph_mems)) -@@ -3989,6 +3984,11 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) { - return p; - break; - } -+ // ensure there's been no manual alteration of fieldscur -+ for (n = 0 ; n < EU_MAXPFLGS; n++) { -+ if (&w->rc.fieldscur[n] != strrchr(w->rc.fieldscur, w->rc.fieldscur[n])) -+ return p; -+ } - #ifndef USE_X_COLHDR - OFFw(w, NOHIFND_xxx | NOHISEL_xxx); - #endif --- -2.24.1 - |