zeldon
/
htop
mirror of https://github.com/xzeldon/htop.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid potential buffer overflow in LinuxProcessList_readStatFile 

Pass size of allocated command buffer and limit write.
This commit is contained in:
Christian Göttsche 2020-09-15 19:55:21 +02:00 committed by cgzones
parent 95012d6259
commit b096fdbfc0
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
linux/LinuxProcessList.c
View File

@ -229,6 +229,8 @@ static inline unsigned long long LinuxProcess_adjustTime(unsigned long long t) {
static bool LinuxProcessList_readStatFile(Process *process, const char* dirname, const char* name, char* command, int* commLen) { static bool LinuxProcessList_readStatFile(Process *process, const char* dirname, const char* name, char* command, int* commLen) {
LinuxProcess* lp = (LinuxProcess*) process; LinuxProcess* lp = (LinuxProcess*) process;
const int commLenIn = *commLen;
*commLen = 0;
char filename[MAX_NAME+1]; char filename[MAX_NAME+1];
xSnprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name); xSnprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name);
int fd = open(filename, O_RDONLY); int fd = open(filename, O_RDONLY);
@ -250,7 +252,7 @@ static bool LinuxProcessList_readStatFile(Process *process, const char* dirname,
char *end = strrchr(location, ')'); char *end = strrchr(location, ')');
if (!end) return false; if (!end) return false;
int commsize = end - location; int commsize = MINIMUM(end - location, commLenIn - 1);
memcpy(command, location, commsize); memcpy(command, location, commsize);
command[commsize] = '\0'; command[commsize] = '\0';
*commLen = commsize; *commLen = commsize;
@ -824,7 +826,7 @@ static bool LinuxProcessList_recurseProcTree(LinuxProcessList* this, const char*
char command[MAX_NAME+1]; char command[MAX_NAME+1];
unsigned long long int lasttimes = (lp->utime + lp->stime); unsigned long long int lasttimes = (lp->utime + lp->stime);
int commLen = 0; int commLen = sizeof(command);
unsigned int tty_nr = proc->tty_nr; unsigned int tty_nr = proc->tty_nr;
if (! LinuxProcessList_readStatFile(proc, dirname, name, command, &commLen)) if (! LinuxProcessList_readStatFile(proc, dirname, name, command, &commLen))
goto errorReadingProcess; goto errorReadingProcess;