author Daniel Lange <DLange@git.local> 2021-02-02 06:45:23 +0100
committer Daniel Lange <DLange@git.local> 2021-02-02 06:45:23 +0100
commit c41f79d4da85e7156d0fb1e6fc979ffc038328f3
tree 3976b5c032b57b7ecf2fe7f3e336cf05153fe9c5 /debian/patches
parent 3dd4a25d33277d99595b8f5ce51c025bf5106f28
Add (first) hardening patch for makeCommandStr string handling
Upstream refactors the functions around string handling significantly. This is a significant effort and will likely introduce new issues at first. Thus trying to apply just some hardening patches from that effort to htop in preparation of the Bullseye release.
Diffstat (limited to 'debian/patches')
-rw-r--r-- debian/patches/0009-hardening.patch 18
-rw-r--r-- debian/patches/series 1
2 files changed, 19 insertions, 0 deletions
diff --git a/debian/patches/0009-hardening.patch b/debian/patches/0009-hardening.patch
new file mode 100644
index 0000000..e2b4638
--- /dev/null
+++ b/debian/patches/0009-hardening.patch
@@ -0,0 +1,18 @@
+Backport of commit 12208af7773775bf637ee2f8a07fdd6300238fc1
+Author: Benny Baumann <BenBE@geshi.org>
+Date: Mon Feb 1 22:09:39 2021 +0100
+
+ DiD: Avoid negative cmdlineBasenameOffset
+
+--- a/linux/LinuxProcess.c
++++ b/linux/LinuxProcess.c
+@@ -202,6 +202,9 @@
+ size_t tokenLen;
+ const size_t commLen = strlen(comm);
+
++ if (cmdlineBasenameOffset < 0)
++ return false;
++
+ for (const char *token = cmdline + cmdlineBasenameOffset; *token; ) {
+ for (tokenBase = token; *token && *token != '\n'; ++token) {
+ if (*token == '/') {
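Review bot: the guard added before the `for` loop in linux/LinuxProcess.c rejects only a negative `cmdlineBasenameOffset`; nothing in the visible context checks the upper bound, so an offset larger than the length of `cmdline` would still let `cmdline + cmdlineBasenameOffset` start past the terminating NUL, and the `*token` reads in the loop would then run off the end of the string. Consider rejecting that case in the same check (comparing the offset against the length of `cmdline`, with a cast so the signed/unsigned comparison is explicit), or, if a caller already guarantees it, say so in a comment next to the guard. The early `return false` is also silent; a short comment on what a false return means for the caller here would help anyone reading the backport without the upstream refactoring in front of them. On the patch header, DEP-3 style `Origin:` and `Forwarded:` fields pointing at the upstream commit would make the backport easier to track than the free-form first line.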
diff --git a/debian/patches/series b/debian/patches/series
index fbb892e..f8c651e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
0006-fix-infoscreen-mouse.patch
0007-fix-exit-in-signal-handler.patch
0008-add-qterm-keyboard-code.patch
+0009-hardening.patch
