From ea53589f5df93453f7564be76a13d95b0ddbd3ea Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Sun, 19 Jan 2025 13:47:42 +0100
Subject: [PATCH] fixed OSH findings Resolves: RHEL-44359

---
 osh-findings.patch | 183 +++++++++++++++++++++++++++++++++++++++++++++
 procps-ng.spec     |   8 +-
 2 files changed, 190 insertions(+), 1 deletion(-)
 create mode 100644 osh-findings.patch

diff --git a/osh-findings.patch b/osh-findings.patch
new file mode 100644
index 0000000..045e639
--- /dev/null
+++ b/osh-findings.patch
@@ -0,0 +1,183 @@
+diff --git a/library/pids.c b/library/pids.c
+index 6ae94ad..41673b5 100644
+--- a/library/pids.c
++++ b/library/pids.c
+@@ -1288,8 +1288,11 @@ PROCPS_EXPORT int procps_pids_new (
+         memcpy(p->items, items, sizeof(enum pids_item) * numitems);
+         p->items[numitems] = PIDS_logical_end;
+         pids_libflags_set(p);
+-        if (!pids_prep_func_array(p))
++        if (!pids_prep_func_array(p)) {
++            free(p->items);
++            free(p);
+             return -ENOMEM;
++        }
+     }
+ 
+     if (!(p->hist = calloc(1, sizeof(struct history_info)))
+diff --git a/src/pgrep.c b/src/pgrep.c
+index d8e57df..56c020f 100644
+--- a/src/pgrep.c
++++ b/src/pgrep.c
+@@ -127,7 +127,6 @@ static bool use_sigqueue = false;
+ static bool require_handler = false;
+ static union sigval sigval = {0};
+ 
+-static const char *opt_delim = "\n";
+ static struct el *opt_pgrp = NULL;
+ static struct el *opt_rgid = NULL;
+ static struct el *opt_pid = NULL;
+@@ -139,6 +138,7 @@ static struct el *opt_euid = NULL;
+ static struct el *opt_ruid = NULL;
+ static struct el *opt_nslist = NULL;
+ static struct el *opt_cgroup = NULL;
++static char *opt_delim = NULL;
+ static char *opt_pattern = NULL;
+ static char *opt_pidfile = NULL;
+ static char *opt_runstates = NULL;
+@@ -978,6 +978,7 @@ static void parse_opts (int argc, char **argv)
+             opt_count = 1;
+             break;
+         case 'd':   /* Solaris: change the delimiter */
++            free(opt_delim);
+             opt_delim = xstrdup (optarg);
+             break;
+         case 'f':   /* Solaris: match full process name (as in "ps -f") */
+@@ -1057,6 +1058,7 @@ static void parse_opts (int argc, char **argv)
+             opt_ns_pid = atoi(optarg);
+             if (opt_ns_pid == 0)
+ 		case 'r': /* match by runstate */
++            free(opt_runstates);
+ 			opt_runstates = xstrdup (optarg);
+ 			++criteria_count;
+ 			break;
+@@ -1133,6 +1135,8 @@ int main (int argc, char **argv)
+     struct epoll_event ev, events[32];
+ #endif
+ 
++    opt_delim = xstrdup("\n");
++
+ #ifdef HAVE_PROGRAM_INVOCATION_NAME
+     program_invocation_name = program_invocation_short_name;
+ #endif
+@@ -1154,6 +1158,8 @@ int main (int argc, char **argv)
+             else
+                 output_numlist (procs,num);
+         }
++        if (opt_delim)
++            free(opt_delim);
+         return !num;
+     case PKILL:
+         for (i = 0; i < num; i++) {
+@@ -1170,6 +1176,8 @@ int main (int argc, char **argv)
+         }
+         if (opt_count)
+             fprintf(stdout, "%d\n", num);
++        if (opt_delim)
++            free(opt_delim);
+         return !kill_count;
+ #ifdef ENABLE_PIDWAIT
+     case PIDWAIT:
+diff --git a/src/ps/parser.c b/src/ps/parser.c
+index 1f50a7a..9977f93 100644
+--- a/src/ps/parser.c
++++ b/src/ps/parser.c
+@@ -1076,28 +1076,44 @@ static const char *parse_trailing_pids(void){
+     case '-':  err = parse_pid(++data, grpnode->u + grpnode->n++); break;
+     case '+':  err = parse_pid(++data, sidnode->u + sidnode->n++); break;
+     }
+-    if(err) return err;     /* the node gets freed with the list */
++    if(err) goto error;
+   }
+ 
+   if(pidnode->n){
+     pidnode->next = selection_list;
+     selection_list = pidnode;
+     selection_list->typecode = SEL_PID;
+-  }  /* else free both parts */
++  }
++  else {
++    free(pidnode);
++  }
+ 
+   if(grpnode->n){
+     grpnode->next = selection_list;
+     selection_list = grpnode;
+     selection_list->typecode = SEL_PGRP;
+-  }  /* else free both parts */
++  }
++  else {
++    free(grpnode);
++  }
+ 
+   if(sidnode->n){
+     sidnode->next = selection_list;
+     selection_list = sidnode;
+     selection_list->typecode = SEL_SESS;
+-  }  /* else free both parts */
++  }
++  else {
++    free(sidnode);
++  }
+ 
+   return NULL;
++
++error:
++  free(pidnode);
++  free(grpnode);
++  free(sidnode);
++
++  return err;
+ }
+ 
+ /************** misc stuff ***********/
+diff --git a/src/ps/sortformat.c b/src/ps/sortformat.c
+index a76ddee..a4c98aa 100644
+--- a/src/ps/sortformat.c
++++ b/src/ps/sortformat.c
+@@ -165,8 +165,10 @@ static const char *aix_format_parse(sf_node *sfn){
+     if(*walk == '%'){
+       const aix_struct *aix;
+       walk++;
+-      if(*walk == '%')
++      if(*walk == '%'){
++        free(buf);
+         return _("missing AIX field descriptor");
++      }
+       aix = search_aix_array(*walk);
+       walk++;
+       if(!aix){
+diff --git a/src/top/top.c b/src/top/top.c
+index 969c553..5f507fe 100644
+--- a/src/top/top.c
++++ b/src/top/top.c
+@@ -3825,7 +3825,7 @@ static int cfg_xform (WIN_t *q, char *flds, const char *defs) {
+          q->rc.sortindx = (fields_dst[x] & 0x7f) - FLD_OFFSET;
+       }
+       // now we're in a 3.3.0 format (soon to be transformed) ...
+-      strcpy(flds, fields_dst);
++      strncpy(flds, fields_dst, f);
+    }
+ 
+    // lastly, let's attend to the 3.3.0 - 3.3.17 fieldcurs format ...
+@@ -3980,6 +3980,7 @@ end_oops:
+          * a configuration file (personal or system-wide default) */
+ static const char *configs_file (FILE *fp, const char *name, float *delay) {
+    char fbuf[LRGBUFSIZ];
++   char format_str[8];  // 6 would be enough, but in case LRGBUFSIZ gets larger in the future...
+    int i, n, tmp_whole, tmp_fract;
+    const char *p = NULL;
+ 
+@@ -4013,10 +4014,11 @@ static const char *configs_file (FILE *fp, const char *name, float *delay) {
+       WIN_t *w = &Winstk[i];
+       p = fmtmk(N_fmt(RC_bad_entry_fmt), i+1, name);
+ 
++      snprintf(format_str, sizeof(format_str), "%%%ds\n", LRGBUFSIZ-1);
+       if (1 != fscanf(fp, "%3s\tfieldscur=", w->rc.winname))
+          return p;
+       if (Rc.id < RCF_XFORMED_ID)
+-         fscanf(fp, "%s\n", fbuf);
++         fscanf(fp, format_str, fbuf);   // because uncapped scanf+%s is considered as nasty as gets
+       else {
+          for (j = 0; ; j++)
+             if (1 != fscanf(fp, "%d", &w->rc.fieldscur[j]))
diff --git a/procps-ng.spec b/procps-ng.spec
index 421093f..bdaead9 100644
--- a/procps-ng.spec
+++ b/procps-ng.spec
@@ -4,12 +4,14 @@
 Summary: System and process monitoring utilities
 Name: procps-ng
 Version: 4.0.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later
 URL: https://sourceforge.net/projects/procps-ng/
 
 Source0: https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
 
+Patch1: osh-findings.patch
+
 BuildRequires: make
 BuildRequires: ncurses-devel
 BuildRequires: libtool
@@ -145,6 +147,10 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
 %files i18n -f %{name}.lang
 
 %changelog
+* Fri Jan 17 2025 Jan Rybar <jrybar@redhat.com> - 4.0.4-6
+- fixed OSH findings
+- Resolves: RHEL-44359
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.0.4-5
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018