Describe the bug
Several security issues in your downstream patches to htop.
To reproduce
Have a look at those patches and see how many instances of unchecked buffer writes they contain, potentially allowing for DoS or code execution. One such major offender is the avafinger-cpu-monitor.patch. Look for strcpy.
Provide logs:
Please contact upstream for full details.
In the easiest case you should replace those strcpy calls by checked calls like strncpy to ensure no write beyond the end of the allocated buffers is possible. Recent versions of htop also include a function String_safeStrncpy in XUtils.c, that further avoids one pitfall regarding plain use of strncpy alone.
Overall all externally provided strings should either be copied into dynamically managed buffers (xStrdup) or length-checked before further processing, when statically allocated buffers are used.
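As an added example (not code from this thread or from htop), the strncpy pitfall referred to above and a bounded copy that always NUL-terminates; `safe_strncpy` is a hypothetical helper written here to illustrate the point, not htop's `String_safeStrncpy`, and the CPU model string is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bounded copy that always NUL-terminates dest when size > 0.
 * Hypothetical helper for illustration; htop's String_safeStrncpy in XUtils.c
 * plays the same role, but this is not its code.
 * Returns 1 if src had to be truncated, 0 otherwise. */
int safe_strncpy(char *dest, size_t size, const char *src) {
    if (size == 0)
        return 1;                 /* nothing can be written safely */
    size_t n = strlen(src);
    int truncated = n >= size;    /* no room for the terminator */
    if (truncated)
        n = size - 1;
    memcpy(dest, src, n);
    dest[n] = '\0';               /* guaranteed terminator */
    return truncated;
}

/* Shows the plain-strncpy pitfall: when src fills the whole buffer,
 * strncpy writes no terminator at all, so a later read runs off the end.
 * Returns 1 if dest holds no NUL within size bytes after the copy. */
int strncpy_leaves_unterminated(char *dest, size_t size, const char *src) {
    strncpy(dest, src, size);
    return memchr(dest, '\0', size) == NULL;
}

int main(void) {
    /* Constructed sample: a CPU model name longer than the fixed buffer,
     * the kind of externally provided string a /proc parser copies. */
    const char *model = "Allwinner H6 quad-core Cortex-A53 processor";
    char buf[16];

    memset(buf, 'X', sizeof buf);
    printf("strncpy left buffer unterminated: %d\n",
           strncpy_leaves_unterminated(buf, sizeof buf, model));

    memset(buf, 'X', sizeof buf);
    int truncated = safe_strncpy(buf, sizeof buf, model);
    printf("safe copy truncated: %d, result: \"%s\"\n", truncated, buf);
    return 0;
}
```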
@BenBE thanks for the heads-up!
The patches were copied over without proper attention :(
We will most probably borrow String_safeStrncpy from the current htop version to fix it.