diff options
author | lum <lum@cvs.openbsd.org> | 2010-03-23 16:16:10 +0000 |
---|---|---|
committer | lum <lum@cvs.openbsd.org> | 2010-03-23 16:16:10 +0000 |
commit | bfe9723d3f3e6b549617a3a7bbe2f2984124f8bd (patch) | |
tree | 46fb9b08ca189437125e86d40b0908b3519dfb6c /usr.bin | |
parent | c97aeae152754a9f6e5405761b22437a889b220d (diff) |
Fix pointer usage with the renice and kill error message structure. Pointer was used without allocating memory. ok beck@ otto@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/top/commands.c | 67 | ||||
-rw-r--r-- | usr.bin/top/top.c | 4 | ||||
-rw-r--r-- | usr.bin/top/top.h | 5 |
3 files changed, 51 insertions, 25 deletions
diff --git a/usr.bin/top/commands.c b/usr.bin/top/commands.c index d2b85bcb87c..b3849011a16 100644 --- a/usr.bin/top/commands.c +++ b/usr.bin/top/commands.c @@ -1,4 +1,4 @@ -/* $OpenBSD: commands.c,v 1.28 2007/05/29 00:56:56 otto Exp $ */ +/* $OpenBSD: commands.c,v 1.29 2010/03/23 16:16:09 lum Exp $ */ /* * Top users/processes display for Unix @@ -37,6 +37,7 @@ #include <sys/types.h> #include <stdio.h> +#include <err.h> #include <ctype.h> #include <errno.h> #include <stdlib.h> @@ -53,7 +54,7 @@ #include "machine.h" static char *next_field(char *); -static int scanint(char *, int *); +static int scan_arg(char *, int *, char *); static char *err_string(void); static size_t str_adderr(char *, size_t, int); static size_t str_addarg(char *, size_t, char *, int); @@ -77,25 +78,35 @@ next_field(char *str) return (*str == '\0' ? NULL : str); } +/* + * Scan the renice or kill interactive arguments for data and/or errors. + */ static int -scanint(char *str, int *intp) +scan_arg(char *str, int *intp, char *nptr) { - int val = 0; + int val = 0, bad_flag = 0; char ch; - /* if there is nothing left of the string, flag it as an error */ - /* This fix is dedicated to Greg Earle */ + *nptr = '\0'; + if (*str == '\0') return (-1); while ((ch = *str++) != '\0') { - if (isdigit(ch)) - val = val * 10 + (ch - '0'); - else if (isspace(ch)) + if (isspace(ch)) break; + else if (!isdigit(ch)) + bad_flag = 1; else - return (-1); + val = val * 10 + (ch - '0'); + + *(nptr++) = ch; } + *nptr = '\0'; + + if (bad_flag == 1) + return(-1); + *intp = val; return (0); } @@ -123,7 +134,9 @@ static char *err_listem = if (errcnt >= ERRMAX) { \ return(err_toomany); \ } else { \ - errs[errcnt].arg = (p); \ + free(errs[errcnt].arg); \ + if ((errs[errcnt].arg = strdup(p)) == NULL) \ + err(1, "strdup"); \ errs[errcnt++].err = (e); \ } @@ -252,6 +265,7 @@ kill_procs(char *str) { int signum = SIGTERM, procnum; uid_t uid, puid; + char tempbuf[TEMPBUFSIZE]; char *nptr; /* reset error array */ @@ -270,7 +284,7 @@ kill_procs(char *str) return (" kill: no processes specified"); if (isdigit(str[1])) { - (void) scanint(str + 1, &signum); + (void) scan_arg(str + 1, &signum, nptr); if (signum <= 0 || signum >= NSIG) return (" invalid signal number"); } else { @@ -287,19 +301,20 @@ kill_procs(char *str) /* put the new pointer in place */ str = nptr; } + nptr = tempbuf; /* loop thru the string, killing processes */ do { - if (scanint(str, &procnum) == -1) { - ERROR(str, 0); + if (scan_arg(str, &procnum, nptr) == -1) { + ERROR(nptr, 0); } else { /* check process owner if we're not root */ puid = proc_owner(procnum); if (puid == (uid_t)(-1)) { - ERROR(str, ESRCH); + ERROR(nptr, ESRCH); } else if (uid && (uid != puid)) { - ERROR(str, EACCES); + ERROR(nptr, EACCES); } else if (kill(procnum, signum) == -1) { - ERROR(str, errno); + ERROR(nptr, errno); } } } while ((str = next_field(str)) != NULL); @@ -318,17 +333,25 @@ renice_procs(char *str) uid_t uid; char negate; int prio, procnum; + char tempbuf[TEMPBUFSIZE]; + char *nptr; ERR_RESET; uid = getuid(); + /* skip over leading white space */ + while (isspace(*str)) + str++; + /* allow for negative priority values */ if ((negate = (*str == '-')) != 0) { /* move past the minus sign */ str++; } + + nptr = tempbuf; /* use procnum as a temporary holding place and get the number */ - procnum = scanint(str, &prio); + procnum = scan_arg(str, &prio, nptr); /* negate if necessary */ if (negate) @@ -346,14 +369,14 @@ renice_procs(char *str) /* loop thru the process numbers, renicing each one */ do { - if (scanint(str, &procnum) == -1) { - ERROR(str, 0); + if (scan_arg(str, &procnum, nptr) == -1) { + ERROR(nptr, 0); } /* check process owner if we're not root */ else if (uid && (uid != proc_owner(procnum))) { - ERROR(str, EACCES); + ERROR(nptr, EACCES); } else if (setpriority(PRIO_PROCESS, procnum, prio) == -1) { - ERROR(str, errno); + ERROR(nptr, errno); } } while ((str = next_field(str)) != NULL); diff --git a/usr.bin/top/top.c b/usr.bin/top/top.c index c7d322f3b3a..58722f957f4 100644 --- a/usr.bin/top/top.c +++ b/usr.bin/top/top.c @@ -1,4 +1,4 @@ -/* $OpenBSD: top.c,v 1.71 2010/03/22 12:20:25 lum Exp $ */ +/* $OpenBSD: top.c,v 1.72 2010/03/23 16:16:09 lum Exp $ */ /* * Top users/processes display for Unix @@ -532,7 +532,7 @@ restart: int rundisplay(void) { - static char tempbuf[50]; + static char tempbuf[TEMPBUFSIZE]; sigset_t mask; char ch, *iptr; int change, i; diff --git a/usr.bin/top/top.h b/usr.bin/top/top.h index 2e181281eca..aafd239461c 100644 --- a/usr.bin/top/top.h +++ b/usr.bin/top/top.h @@ -1,4 +1,4 @@ -/* $OpenBSD: top.h,v 1.12 2010/02/05 10:21:10 otto Exp $ */ +/* $OpenBSD: top.h,v 1.13 2010/03/23 16:16:09 lum Exp $ */ /* * Top users/processes display for Unix @@ -52,6 +52,9 @@ /* maximum number we can have */ #define Largest 0x7fffffff +/* Interactive temp string buffer size */ +#define TEMPBUFSIZE 50 + /* * The entire display is based on these next numbers being defined as is. */ |