diff options
author | Daniel Lange <DLange@git.local> | 2021-02-02 06:45:23 +0100 |
---|---|---|
committer | Daniel Lange <DLange@git.local> | 2021-02-02 06:45:23 +0100 |
commit | c41f79d4da85e7156d0fb1e6fc979ffc038328f3 (patch) | |
tree | 3976b5c032b57b7ecf2fe7f3e336cf05153fe9c5 /debian | |
parent | 3dd4a25d33277d99595b8f5ce51c025bf5106f28 (diff) | |
download | debian_htop-c41f79d4da85e7156d0fb1e6fc979ffc038328f3.tar.gz debian_htop-c41f79d4da85e7156d0fb1e6fc979ffc038328f3.tar.bz2 debian_htop-c41f79d4da85e7156d0fb1e6fc979ffc038328f3.zip |
Add (first) hardening patch for makeCommandStr string handling
Upstream refactors the functions around string handling significantly.
This is a significant effort and not will likely introduce new issues at first.
Thus trying to apply just some hardening patches from that effort to htop in
preparation of the Bullseye release.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | debian/patches/0009-hardening.patch | 18 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 21 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 1a5e14a..503f04c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,9 @@ htop (3.0.5-4) UNRELEASED; urgency=medium * Fix mouse use / scrolling in Infoscreens * Fix Shift-F3 (prev hit in search mode) for QT based terminals + * Harden string handling routine - -- Daniel Lange <DLange@debian.org> Mon, 01 Feb 2021 12:32:00 +0100 + -- Daniel Lange <DLange@debian.org> Tue, 02 Feb 2021 06:45:00 +0100 htop (3.0.5-3) unstable; urgency=medium diff --git a/debian/patches/0009-hardening.patch b/debian/patches/0009-hardening.patch new file mode 100644 index 0000000..e2b4638 --- /dev/null +++ b/debian/patches/0009-hardening.patch @@ -0,0 +1,18 @@ +Backport of commit 12208af7773775bf637ee2f8a07fdd6300238fc1 +Author: Benny Baumann <BenBE@geshi.org> +Date: Mon Feb 1 22:09:39 2021 +0100 + + DiD: Avoid negative cmdlineBasenameOffset + +--- a/linux/LinuxProcess.c ++++ b/linux/LinuxProcess.c +@@ -202,6 +202,9 @@ + size_t tokenLen; + const size_t commLen = strlen(comm); + ++ if (cmdlineBasenameOffset < 0) ++ return false; ++ + for (const char *token = cmdline + cmdlineBasenameOffset; *token; ) { + for (tokenBase = token; *token && *token != '\n'; ++token) { + if (*token == '/') { diff --git a/debian/patches/series b/debian/patches/series index fbb892e..f8c651e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ 0006-fix-infoscreen-mouse.patch 0007-fix-exit-in-signal-handler.patch 0008-add-qterm-keyboard-code.patch +0009-hardening.patch |