FreeBSD Bugzilla – Attachment 9493 Details for
Bug 19422
users can overflow argv to make ps segfault
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
ps.argoflow.diff
ps.argoflow.diff (text/plain; charset=us-ascii), 907 bytes, created by
mheffner
on 2001-12-12 04:18:54 UTC
(
hide
)
Description:
ps.argoflow.diff
Filename:
MIME Type:
Creator:
mheffner
Created:
2001-12-12 04:18:54 UTC
Size:
907 bytes
patch
obsolete
>Index: fmt.c >=================================================================== >RCS file: /home/ncvs/src/bin/ps/fmt.c,v >retrieving revision 1.14 >diff -u -r1.14 fmt.c >--- fmt.c 27 Aug 1999 23:14:51 -0000 1.14 >+++ fmt.c 12 Dec 2001 04:12:24 -0000 >@@ -61,7 +61,8 @@ > shquote(argv) > char **argv; > { >- long arg_max; >+ static long arg_max = -1; >+ long len; > char **p, *dst, *src; > static char *buf = NULL; > >@@ -80,13 +81,16 @@ > for (p = argv; (src = *p++) != 0; ) { > if (*src == 0) > continue; >- strvis(dst, src, VIS_NL | VIS_CSTYLE); >+ len = (4 * arg_max - (dst - buf)) / 4; >+ strvisx(dst, src, strlen(src) < len ? strlen(src) : len, >+ VIS_NL | VIS_CSTYLE); > while (*dst) > dst++; >- *dst++ = ' '; >+ if ((4 * arg_max - (dst - buf)) / 4 > 0) >+ *dst++ = ' '; > } > /* Chop off trailing space */ >- if (dst != buf) >+ if (dst != buf && dst[-1] == ' ') > dst--; > *dst = '\0'; > return (buf);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9493">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 19422
:
9492
| 9493