From c41f79d4da85e7156d0fb1e6fc979ffc038328f3 Mon Sep 17 00:00:00 2001 From: Daniel Lange Date: Tue, 2 Feb 2021 06:45:23 +0100 Subject: Add (first) hardening patch for makeCommandStr string handling Upstream refactors the functions around string handling significantly. This is a significant effort and not will likely introduce new issues at first. Thus trying to apply just some hardening patches from that effort to htop in preparation of the Bullseye release. --- debian/changelog | 3 ++- debian/patches/0009-hardening.patch | 18 ++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 debian/patches/0009-hardening.patch diff --git a/debian/changelog b/debian/changelog index 1a5e14a..503f04c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,9 @@ htop (3.0.5-4) UNRELEASED; urgency=medium * Fix mouse use / scrolling in Infoscreens * Fix Shift-F3 (prev hit in search mode) for QT based terminals + * Harden string handling routine - -- Daniel Lange Mon, 01 Feb 2021 12:32:00 +0100 + -- Daniel Lange Tue, 02 Feb 2021 06:45:00 +0100 htop (3.0.5-3) unstable; urgency=medium diff --git a/debian/patches/0009-hardening.patch b/debian/patches/0009-hardening.patch new file mode 100644 index 0000000..e2b4638 --- /dev/null +++ b/debian/patches/0009-hardening.patch @@ -0,0 +1,18 @@ +Backport of commit 12208af7773775bf637ee2f8a07fdd6300238fc1 +Author: Benny Baumann +Date: Mon Feb 1 22:09:39 2021 +0100 + + DiD: Avoid negative cmdlineBasenameOffset + +--- a/linux/LinuxProcess.c ++++ b/linux/LinuxProcess.c +@@ -202,6 +202,9 @@ + size_t tokenLen; + const size_t commLen = strlen(comm); + ++ if (cmdlineBasenameOffset < 0) ++ return false; ++ + for (const char *token = cmdline + cmdlineBasenameOffset; *token; ) { + for (tokenBase = token; *token && *token != '\n'; ++token) { + if (*token == '/') { diff --git a/debian/patches/series b/debian/patches/series index fbb892e..f8c651e 100644 --- a/debian/patches/series 
+++ b/debian/patches/series @@ -6,3 +6,4 @@ 0006-fix-infoscreen-mouse.patch 0007-fix-exit-in-signal-handler.patch 0008-add-qterm-keyboard-code.patch +0009-hardening.patch -- cgit v1.2.3
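Review bot: In the debian/changelog hunk, the new entry "* Harden string handling routine" does not say which routine is hardened or where the change comes from. Naming makeCommandStr (as the commit subject does) and the backported upstream commit 12208af7773775bf637ee2f8a07fdd6300238fc1 would let someone reading only the changelog trace the entry to 0009-hardening.patch.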
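Review bot: In debian/patches/0009-hardening.patch, the added check "if (cmdlineBasenameOffset < 0) return false;" rejects only negative offsets; nothing in the visible context bounds the offset from above before the loop starts reading at "cmdline + cmdlineBasenameOffset". Unless the callers already guarantee it, consider also rejecting an offset larger than the length of cmdline, so the first "*token" read stays inside the string. The check also only has an effect if cmdlineBasenameOffset is a signed type, which is worth confirming against the 3.0.5 source since the declaration is not in the hunk. As a style point, the free-text header could use DEP-3 fields ("Origin: backport, ..." and "Forwarded: not-needed") so the upstream commit reference is machine-readable.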