rpms/procps-ng
5
0
Fork 0
Code Issues Pull Requests Releases Activity

ps: buffer overflow

Browse Source 
Resolves: bz#2230186
This commit is contained in:
Jan Rybar 2023-08-14 14:46:16 +02:00
parent 0bdfdec03c
commit 38f403a184
2 changed files with 81 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
cve-2023-4016.patch Normal file
View File

@ -0,0 +1,75 @@
From 8e7c09895b2d8dc0d65980d757926351ad6817e8 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 14 Aug 2023 14:12:41 +0200
Subject: [PATCH] ps buffer overflow
Resolves: bz#2230186
---
local/xalloc.h | 2 +-
src/ps/parser.c | 11 ++++++-----
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/local/xalloc.h b/local/xalloc.h
index 8b4d368..a804689 100644
--- a/local/xalloc.h
+++ b/local/xalloc.h
@@ -42,7 +42,7 @@ void *xcalloc(const size_t nelems, const size_t size)
{
void *ret = calloc(nelems, size);
if (!ret && size && nelems)
- xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size);
+ xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", nelems*size);
return ret;
}
diff --git a/src/ps/parser.c b/src/ps/parser.c
index 248aa74..c46855c 100644
--- a/src/ps/parser.c
+++ b/src/ps/parser.c
@@ -189,8 +189,8 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
const char *err; /* error code that could or did happen */
/*** prepare to operate ***/
node = xmalloc(sizeof(selection_node));
- node->u = xmalloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
node->n = 0;
+ node->u = NULL;
buf = strdup(arg);
/*** sanity check and count items ***/
need_item = 1; /* true */
@@ -204,12 +204,13 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
need_item=1;
break;
default:
- if(need_item) items++;
+ if(need_item && items<INT_MAX) items++;
need_item=0;
}
} while (*++walk);
if(need_item) goto parse_error;
node->n = items;
+ node->u = xcalloc(items, sizeof(sel_union));
/*** actually parse the list ***/
walk = buf;
while(items--){
@@ -1050,15 +1051,15 @@ static const char *parse_trailing_pids(void){
thisarg = ps_argc - 1; /* we must be at the end now */
pidnode = xmalloc(sizeof(selection_node));
- pidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
+ pidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
pidnode->n = 0;
grpnode = xmalloc(sizeof(selection_node));
- grpnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
+ grpnode->u = xcalloc(i,sizeof(sel_union)); /* waste is insignificant */
grpnode->n = 0;
sidnode = xmalloc(sizeof(selection_node));
- sidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
+ sidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
sidnode->n = 0;
while(i--){
--
2.40.1

7
procps-ng.spec
View File

@ -4,13 +4,14 @@
Summary: System and process monitoring utilities
Name: procps-ng
Version: 4.0.3
Release: 4%{?dist}
Release: 5%{?dist}
License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later
URL: https://sourceforge.net/projects/procps-ng/
Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
Patch1: sysctl-nameonly-shows-value.patch
Patch2: cve-2023-4016.patch
BuildRequires: make
BuildRequires: ncurses-devel
@ -147,6 +148,10 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
%files i18n -f %{name}.lang
%changelog
* Mon Aug 14 2023 Jan Rybar <jrybar@redhat.com> - 4.0.3-5
- ps: buffer overflow
- Resolves: bz#2230186
* Mon Aug 07 2023 Lukáš Zaoral <lzaoral@redhat.com> - 4.0.3-4
- migrate to SPDX license format