rpms/procps-ng
7
0
Fork 0
Code Issues Pull Requests Releases Activity

ps: out-of-bonds read in quick mode

Browse Source
This commit is contained in:
Jan Rybar 2023-01-18 15:49:14 +00:00
parent ff1b03de5d
commit 670326cb0b
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
procps-ng.spec
View File

@ -4,7 +4,7 @@
Summary: System and process monitoring utilities Summary: System and process monitoring utilities
Name: procps-ng Name: procps-ng
Version: 3.3.17 Version: 3.3.17
Release: 9%{?dist} Release: 10%{?dist}
License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+
URL: https://sourceforge.net/projects/procps-ng/ URL: https://sourceforge.net/projects/procps-ng/
@ -23,6 +23,7 @@ Patch5: sysctl-support-systemd-globs.patch
Patch6: sysctl-print-dotted-keys-again.patch Patch6: sysctl-print-dotted-keys-again.patch
Patch7: pgrep-uid-gid-overflow-backport.patch Patch7: pgrep-uid-gid-overflow-backport.patch
Patch8: display-sig-unsafe.patch Patch8: display-sig-unsafe.patch
Patch9: ps-out-of-bonds-read.patch
BuildRequires: make BuildRequires: make
@ -166,6 +167,10 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
%files i18n -f %{name}.lang %files i18n -f %{name}.lang
%changelog %changelog
* Wed Jan 18 2023 Jan Rybar <jrybar@redhat.com> - 3.3.17-10
- ps: out-of-bonds read in quick mode
- Resolves: rhbz#2161648
* Tue Nov 29 2022 Jan Rybar <jrybar@redhat.com> - 3.3.17-9 * Tue Nov 29 2022 Jan Rybar <jrybar@redhat.com> - 3.3.17-9
- display.c: backport: async-signal-unsafe handler deadlocks on SIGHUP - display.c: backport: async-signal-unsafe handler deadlocks on SIGHUP
- Resolves: rhbz#2141697 - Resolves: rhbz#2141697

23
ps-out-of-bonds-read.patch Normal file
View File

@ -0,0 +1,23 @@
diff --git a/ps/display.c b/ps/display.c
index 1927fd6..e7ab351 100644
--- a/ps/display.c
+++ b/ps/display.c
@@ -357,7 +357,7 @@ static void simple_spew(void){
if (selection_list && selection_list->typecode == SEL_PID_QUICK) {
flags |= PROC_PID;
- pidlist = (pid_t*) malloc(selection_list->n * sizeof(pid_t));
+ pidlist = (pid_t*) malloc((selection_list->n + 1) * sizeof(pid_t));
if (!pidlist) {
fprintf(stderr, _("error: not enough memory\n"));
exit(1);
@@ -366,6 +366,9 @@ static void simple_spew(void){
for (i = 0; i < selection_list->n; i++) {
pidlist[i] = selection_list->u[selection_list->n-i-1].pid;
}
+
+ // delimit the array with nul object (0); RHBZ#2153813
+ pidlist[selection_list->n] = (pid_t)0;
}
ptp = openproc(flags, pidlist);