Red Hat Bugzilla – Bug 9699
top program needs some bounds checking :P
Last modified: 2008-05-01 11:37:54 EDT
from top.h: #define RCFILE ".toprc" ... #define SYS_TOPRC "/etc/toprc" ... #define MAXNAMELEN 1024 ... from top.c: void get_options(void) { ... char rcfile[MAXNAMELEN]; ... strcpy(rcfile, SYS_TOPRC); ... strcpy(Options, ""); if (getenv("HOME")) { strcpy(rcfile, getenv("HOME")); strcat(rcfile, "/"); } strcat(rcfile, RCFILE); ... Put em together: [root@king aic]# export HOME=`perl -e'print "A" x 5000;'` [root@king aic]# top Segmentation fault (core dumped) [root@king aic]# gdb top core GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support ... This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)... Core was generated by `AAAA'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/libproc.so.2.0.6...(no debugging symbols found)...done. Reading symbols from /usr/lib/libncurses.so.4...(no debugging symbols found)...done. Reading symbols from /lib/libc.so.6...done. Reading symbols from /lib/ld-linux.so.2...done. #0 0x41414141 in ?? () (gdb) info all-registers eax: 0xbfffe374 -1073749132 ecx: 0x0 0 edx: 0x0 0 ebx: 0x40156f0c 1075146508 esp: 0xbfffe87c -1073747844 ebp: 0x41414141 1094795585 esi: 0x4000ae60 1073786464 edi: 0xbfffea04 -1073747452 eip: 0x41414141 1094795585 You get the idea. Seeing as it's not sgid or suid not really a big deal, but there are other places in the program that need it to so should fix it up sometime. -Stan Bubrouski
[root@king procps-2.0.6]# rpm -q procps procps-2.0.6-4 I'm pretty sure all previous versions have same prob.
This top isn't setuid, and in fact will refuse to run if you make it setuid or setgid, so this only lets you shoot yourself in the foot, something you can do anyway without top. :-)