Commit 7dd7bdb0 authored by Qualys Security Advisory, committed by Craig Small

ps/output.c: Always null-terminate outbuf in show_one_proc().

Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.
parent db25d037
......@@ -2120,6 +2120,7 @@ void show_one_proc(const proc_t *restrict const p, const format_node *restrict f
if(unlikely(space>SPACE_AMOUNT)) space=SPACE_AMOUNT; // only so much available
/* real size -- don't forget in 'amount' is number of cells */
outbuf[OUTBUF_SIZE-1] = '\0';
sz = strlen(outbuf);
/* print data, set x position stuff */
......
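Review bot: The added "outbuf[OUTBUF_SIZE-1] = '\0';" just before "sz = strlen(outbuf);" bounds the read, but the edge case sz == OUTBUF_SIZE-1 is not handled. In that case the "outbuf[sz] = '\n'" write named in the commit message lands on the last byte and replaces the terminator that was just set, so any later code that treats outbuf as a C string sees an unterminated buffer again. Consider clamping sz to at most OUTBUF_SIZE-2 after the strlen(), or confirming that the output path after this point uses sz as an explicit length. The new line also has no comment; a short one saying it guards against a pr_*() function that did not terminate its output would keep it from being dropped later as redundant.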