Blame SOURCES/procps-ng-3.3.10-CVE-2018-1122.patch

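--- a/top/top.c
+++ b/top/top.c
@@ -3437,6 +3437,20 @@ static int config_cvt (WIN_t *q) {
 } // end: config_cvt
 
 
+static int snprintf_Rc_name (const char *const format, ...) __attribute__((format(printf,1,2)));
+static int snprintf_Rc_name (const char *const format, ...) {
+   int len;
+   va_list ap;
+   va_start(ap, format);
+   len = vsnprintf(Rc_name, sizeof(Rc_name), format, ap);
+   va_end(ap);
+   if (len <= 0 || (size_t)len >= sizeof(Rc_name)) {
+      Rc_name[0] = '\0';
+      return 0;
+   }
+   return len;
+}
+
         /*
          * Build the local RC file name then try to read both of 'em.
          * 'SYS_RCFILESPEC' contains two lines consisting of the secure
@@ -3458,8 +3472,18 @@ static void configs_read (void) {
    FILE *fp;
    int i;
 
+   Rc_name[0] = '\0'; // "fopen() shall fail if pathname is an empty string."
    p = getenv("HOME");
-   snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", (p && *p) ? p : ".", Myname);
+
+   if (!p || p[0] != '/') {
+      const struct passwd *const pwd = getpwuid(getuid());
+      if (!pwd || !(p = pwd->pw_dir) || p[0] != '/') {
+         p = NULL;
+      }
+   }
+   if (p) {
+      snprintf_Rc_name("%s/.%src", p, Myname);
+   }
 
    fp = fopen(SYS_RCFILESPEC, "r");
    if (fp) {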
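Review bot: The HOME validation in configs_read (`if (!p || p[0] != '/')`) has no comment explaining why an unset, empty or relative HOME is now rejected, so a later cleanup could quietly restore the removed `"."` fallback that made top read its rc file from the current working directory. I would add above it `// never fall back to the cwd: an rc file found there is not necessarily ours (CVE-2018-1122)`. The return value of `snprintf_Rc_name` is also discarded at the call site, which is safe only because the helper empties Rc_name on error or truncation and the later open is expected to fail on an empty path. A one-line contract comment on the helper, e.g. `// on error or truncation: Rc_name = "" and 0 is returned`, would make that dependency explicit. configs_read continues past the end of the hunk, so how Rc_name is consumed afterwards (including any later write of the rc file) is not visible here and should be checked for the empty-name case.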