From cbe90d6ff951141ea576d747008daca88e99c1d3 Mon Sep 17 00:00:00 2001
From: cenhuilin
Date: Thu, 21 Mar 2024 11:19:07 +0800
Subject: [PATCH] fix uid gid overflow
---
 pgrep-uid-gid-overflow.patch | 54 ++++++++++++++++++++++++++++++++++++
 procps-ng.spec | 6 +++-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 pgrep-uid-gid-overflow.patch
diff --git a/pgrep-uid-gid-overflow.patch b/pgrep-uid-gid-overflow.patch
new file mode 100644
index 0000000..2bd73d7
--- /dev/null
+++ b/pgrep-uid-gid-overflow.patch
@@ -0,0 +1,54 @@
+From d279b2cff46efec314836f8bac88d742647bab4e Mon Sep 17 00:00:00 2001
+From: Todd Lewis
+Date: Thu, 21 Mar 2024 10:57:31 +0800
+Subject: [PATCH] fix uid/gid > 2^31
+
+---
+ pgrep.c | 6 +++++-
+ proc/readproc.h | 12 ++++++------
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/pgrep.c b/pgrep.c
+index 52264b7..b72e32d 100644
+--- a/pgrep.c
++++ b/pgrep.c
+@@ -204,8 +204,12 @@ static int strict_atol (const char *restrict str, long *restrict value)
+
+ for ( ; *str; ++str) {
+ if (! isdigit (*str))
+- return (0);
++ return 0;
++ if (res >= LONG_MAX / 10)
++ return 0;
+ res *= 10;
++ if (res >= LONG_MAX - (*str - '0'))
++ return 0;
+ res += *str - '0';
+ }
+ *value = sign * res;
+diff --git a/proc/readproc.h b/proc/readproc.h
+index 7905ea9..7bdb37f 100644
+--- a/proc/readproc.h
++++ b/proc/readproc.h
+@@ -159,12 +159,12 @@ typedef struct proc_t {
+ session, // stat session id
+ nlwp, // stat,status number of threads, or 0 if no clue
+ tgid, // (special) thread group ID, the POSIX PID (see also: tid)
+- tty, // stat full device number of controlling terminal
+- /* FIXME: int uids & gids should be uid_t or gid_t from pwd.h */
+- euid, egid, // stat(),status effective
+- ruid, rgid, // status real
+- suid, sgid, // status saved
+- fuid, fgid, // status fs (used for file access only)
++ tty; // stat full device number of controlling terminal
++ uid_t euid; gid_t egid; // stat(),status effective
++ uid_t ruid; gid_t rgid; // status real
++ uid_t suid; gid_t sgid; // status saved
++ uid_t fuid; gid_t fgid; // status fs (used for file access only)
++ int
+ tpgid, // stat terminal process group id
+ exit_signal, // stat might not be SIGCHLD
+ processor; // stat current (or most recent?) CPU
+--
+2.27.0
+
diff --git a/procps-ng.spec b/procps-ng.spec
index 288d0cb..c8f0afc 100644
--- a/procps-ng.spec
+++ b/procps-ng.spec
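Review bot: The two `LONG_MAX` guards added inside the `for` loop of `strict_atol` in pgrep.c only bound the accumulation if `res` is a `long`, and its declaration sits above line 204, outside the hunk and untouched by this patch. If `res` is still declared `int`, `res >= LONG_MAX / 10` can never be true where `long` is 64 bits, so `res *= 10` can still overflow (undefined behaviour) and an oversized uid or gid argument may wrap to a different id instead of being rejected, which matters for a tool that selects processes by id. Please confirm the declaration and, if needed, carry `long res = 0;` in the backport. In the same loop, `isdigit (*str)` would be safer as `isdigit ((unsigned char) *str)`, so a byte with the high bit set is not passed as a negative value. The readproc.h hunk also changes the signedness of the eight id fields for every user of `proc_t`; callers that print them with `%d` or compare them against negative values are outside this patch and worth checking.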
@@ -1,6 +1,6 @@ Name: procps-ng Version: 3.3.16 -Release: 19 +Release: 20 Summary: Utilities that provide system information. License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ URL: https://sourceforge.net/projects/procps-ng/ @@ -26,6 +26,7 @@ Patch0013: backport-0014-ps-Fix-possible-buffer-overflow-in-C-option.patch Patch9000: feature-add-options-M-and-N-for-top.patch Patch9001: bugfix-top-exit-with-error-when-pid-overflow.patch +Patch9002: pgrep-uid-gid-overflow.patch Recommends: %{name}-help = %{version}-%{release} BuildRequires: ncurses-devel libtool autoconf automake gcc gettext-devel systemd-devel @@ -112,6 +113,9 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof %{_mandir}/translated %changelog +* Thu Mar 21 2024 cenhuilin - 3.3.16-20 +- fix uid gid overflow + * Tue Aug 15 2023 Liu Chao - 3.3.16-19 - ps: Fix possible buffer overflow in -C option -- Gitee