File CVE-2018-1122.patch of Package procps.16210

---
 top/top.1 |    4 ++--
 top/top.c |   23 +++++++++++++++++++++--
 2 files changed, 23 insertions(+), 4 deletions(-)

--- top/top.1
+++ top/top.1	2018-06-05 13:16:16.375193796 +0000
@@ -2000,8 +2000,8 @@ Here is the general layout:
       "      # discussed below
 .fi
 
-If the $HOME variable is not present, \*(We will try to write the
-personal \*(CF to the current directory, subject to permissions.
+If a valid absolute path to the rcfile cannot be established, customizations
+made to a running \*(We will be impossible to preserve.
 
 .\" ......................................................................
 .SS 6c. ADDING INSPECT Entries
--- top/top.c
+++ top/top.c	2018-06-05 13:30:24.103901774 +0000
@@ -1679,6 +1679,9 @@ end_justifies:
    // for calibrate_fields and summary_show 1st pass
 #define L_DEFAULT  PROC_FILLSTAT
 
+#define UNSAFE_SORTINDX(indx, size) \
+   ((indx) < 0 || (size_t)(indx) >= (size))
+
         /* These are our gosh darn 'Fields' !
            They MUST be kept in sync with pflags !! */
 static FLD_t Fieldstab[] = {
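Review bot: UNSAFE_SORTINDX is introduced without a comment, and it expands `indx` twice, so it is only safe for arguments without side effects. Every call site in this patch passes a plain `->rc.sortindx` lvalue, so this is a documentation gap rather than a bug today. I would add a comment above it such as `/* true if a sortindx taken from an rcfile is not a valid index into a table of 'size' entries; evaluates indx twice */`.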
@@ -1874,6 +1877,8 @@ static void build_headers (void) {
 
    do {
       if (VIZISw(w)) {
+         if (UNSAFE_SORTINDX(w->rc.sortindx, sizeof(Fieldstab) / sizeof(Fieldstab[0])))
+            w->rc.sortindx = EU_PID;
          memset((s = w->columnhdr), 0, sizeof(w->columnhdr));
          if (Rc.mode_altscr) s = scat(s, fmtmk("%d", w->winnum));
          for (i = 0; i < w->maxpflgs; i++) {
@@ -2143,7 +2148,8 @@ static void fields_utility (void) {
 #endif
  #define swapEM  { char c; unSCRL; c = w->rc.fieldscur[i]; \
        w->rc.fieldscur[i] = *p; *p = c; p = &w->rc.fieldscur[i]; }
- #define spewFI  { char *t; f = w->rc.sortindx; t = strchr(w->rc.fieldscur, f + FLD_OFFSET); \
+ #define spewFI  { char *t; if (UNSAFE_SORTINDX(w->rc.sortindx, EU_MAXPFLGS)) w->rc.sortindx = EU_PID; \
+       f = w->rc.sortindx; t = strchr(w->rc.fieldscur, f + FLD_OFFSET); \
        if (!t) t = strchr(w->rc.fieldscur, (f + FLD_OFFSET) | 0x80); \
        i = (t) ? (int)(t - w->rc.fieldscur) : 0; }
    WIN_t *w = Curwin;             // avoid gcc bloat with a local copy
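Review bot: The `spewFI` guard bounds `w->rc.sortindx` by `EU_MAXPFLGS`, while the checks this patch adds in build_headers, configs_read and window_show bound the same field by `sizeof(Fieldstab) / sizeof(Fieldstab[0])`. The two are presumably equal, but nothing visible here enforces that, and if they ever diverge one check will accept an index that another rejects. Using one named bound at every site, or a short comment saying why `EU_MAXPFLGS` is the right limit for the `fieldscur` lookup, would make the intent checkable. fields_utility starts and ends outside this hunk.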
@@ -3424,6 +3430,8 @@ static int config_cvt (WIN_t *q) {
    strcpy(q->rc.fieldscur, fields_dst);
 
    // lastly, we must adjust the old sort field enum...
+   if (UNSAFE_SORTINDX(q->rc.sortindx, sizeof(fields_src) / sizeof(fields_src[0])))
+      return 1;
    x = q->rc.sortindx;
    q->rc.sortindx = fields_src[x] - FLD_OFFSET;
 
@@ -3452,8 +3460,15 @@ static void configs_read (void) {
    FILE *fp;
    int i;
 
+   Rc_name[0] = '\0'; // "fopen() shall fail if pathname is an empty string."
    p = getenv("HOME");
-   snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", (p && *p) ? p : ".", Myname);
+   if (!p || p[0] != '/') {
+      const struct passwd *const pwd = getpwuid(getuid());
+      if (!pwd || !(p = pwd->pw_dir) || p[0] != '/')
+	 p = NULL;
+   }
+   if (p)
+      snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p, Myname);
 
    fp = fopen(SYS_RCFILESPEC, "r");
    if (fp) {
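Review bot: The return value of the new `snprintf` into `Rc_name` is not checked, so an over-long `$HOME` or `pw_dir` leaves a silently truncated but still absolute path in `Rc_name`. The rcfile read and write paths outside this hunk would presumably then use that path. Since the patch already relies on an empty `Rc_name` to make `fopen()` fail, truncation can reuse that state: `if (p && (size_t)snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p, Myname) >= sizeof(Rc_name)) Rc_name[0] = '\0';`. The `p = NULL;` line is also indented with a tab where the rest of the hunk uses spaces. configs_read continues past the end of this hunk.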
@@ -3498,6 +3513,8 @@ static void configs_read (void) {
          if (3 != fscanf(fp, "\twinflags=%d, sortindx=%d, maxtasks=%d\n"
             , &w->rc.winflags, &w->rc.sortindx, &w->rc.maxtasks))
                goto default_or_error;
+         if (UNSAFE_SORTINDX(w->rc.sortindx, sizeof(Fieldstab) / sizeof(Fieldstab[0])))
+            return p;
          if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
             , &w->rc.summclr, &w->rc.msgsclr
             , &w->rc.headclr, &w->rc.taskclr))
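Review bot: The new `return p;` after the sortindx check looks wrong for this function, because the hunk header gives the enclosing function as `static void configs_read (void)` and the neighbouring parse failures all use `goto default_or_error;`. Returning a value from a void function is a constraint violation that stricter or newer compilers reject. Where it does compile, it skips whatever the `default_or_error` label does (not visible here, presumably reporting the error and restoring defaults) and leaves the out-of-range `sortindx` in `w->rc`. I would change the added line to `goto default_or_error;` so a bad index is handled like the other malformed rcfile fields. The loop and the label lie outside this hunk, so this should be confirmed against the full function.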
@@ -5485,6 +5502,8 @@ static int window_show (WIN_t *q, int wm
       else Frame_srtflg = -1;
       Frame_ctimes = CHKw(q, Show_CTIMES);          // this & next, only maybe
       Frame_cmdlin = CHKw(q, Show_CMDLIN);
+      if (UNSAFE_SORTINDX(q->rc.sortindx, sizeof(Fieldstab) / sizeof(Fieldstab[0])))
+         q->rc.sortindx = EU_PID;
       qsort(q->ppt, Frame_maxtask, sizeof(proc_t*), Fieldstab[q->rc.sortindx].sort);
    }
 