From 8b3efeedd5af59dd6a5bdb45be337f122d374707 Mon Sep 17 00:00:00 2001
From: Piotr Szczepanik <piter75@gmail.com>
Date: Fri, 16 Apr 2021 23:14:53 +0200
Subject: [PATCH 1/2] Fix unchecked buffer writes in custom htop code

---
 .../patches/fix-unchecked-buffer-writes.patch | 127 ++++++++++++++++++
 .../htop/debian/patches/series                |   1 +
 2 files changed, 128 insertions(+)
 create mode 100644 packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch

diff --git a/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch b/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch
new file mode 100644
index 0000000000..bdf21c06fc
--- /dev/null
+++ b/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch
@@ -0,0 +1,127 @@
+diff --git a/Settings.c b/Settings.c
+index 912ad7d..94503f6 100644
+--- a/Settings.c
++++ b/Settings.c
+@@ -273,37 +273,37 @@ static bool Settings_read(Settings* this, const char* fileName) {
+          Settings_readMeterModes(this, option[1], 1);
+          didReadMeters = true;
+       } else if (String_eq(option[0], "BoardName")) {
+-         strcpy(this->BoardName,option[1]);
++         String_safeStrncpy(this->BoardName, option[1], sizeof(this->BoardName));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "CpuFreq_handler")) {
+-         strcpy(this->CpuFreq_handler,option[1]);
++         String_safeStrncpy(this->CpuFreq_handler, option[1], sizeof(this->CpuFreq_handler));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "CpuTemp_handler")) {
+-         strcpy(this->CpuTemp_handler,option[1]);
++         String_safeStrncpy(this->CpuTemp_handler, option[1], sizeof(this->CpuTemp_handler));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "CpuVCore_l_handler")) {
+-         strcpy(this->CpuVCore_l_handler,option[1]);
++         String_safeStrncpy(this->CpuVCore_l_handler, option[1], sizeof(this->CpuVCore_l_handler));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "CpuVCore_b_handler")) {
+-         strcpy(this->CpuVCore_b_handler,option[1]);
++         String_safeStrncpy(this->CpuVCore_b_handler, option[1], sizeof(this->CpuVCore_b_handler));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "GpuVCore_handler")) {
+-         strcpy(this->GpuVCore_handler,option[1]);
++         String_safeStrncpy(this->GpuVCore_handler, option[1], sizeof(this->GpuVCore_handler));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "GpuTemp_handler")) {
+-         strcpy(this->GpuTemp_handler,option[1]);
++         String_safeStrncpy(this->GpuTemp_handler, option[1], sizeof(this->GpuTemp_handler));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "eth0_alias")) {
+-         strcpy(this->eth0_alias,option[1]);
++         String_safeStrncpy(this->eth0_alias, option[1], sizeof(this->eth0_alias));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "eth1_alias")) {
+-         strcpy(this->eth1_alias,option[1]);
++         String_safeStrncpy(this->eth1_alias, option[1], sizeof(this->eth1_alias));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "wlan0_alias")) {
+-         strcpy(this->wlan0_alias,option[1]);
++         String_safeStrncpy(this->wlan0_alias, option[1], sizeof(this->wlan0_alias));
+          didReadMeters = true;
+       } else if (String_eq(option[0], "wlan1_alias")) {
+-         strcpy(this->wlan1_alias,option[1]);
++         String_safeStrncpy(this->wlan1_alias, option[1], sizeof(this->wlan1_alias));
+          didReadMeters = true;
+       }  
+ 
+diff --git a/StringUtils.c b/StringUtils.c
+index 0578cde..fd1c3db 100644
+--- a/StringUtils.c
++++ b/StringUtils.c
+@@ -154,3 +154,15 @@ char* String_readLine(FILE* fd) {
+       at = buffer + bufSize - step;
+    }
+ }
++
++size_t String_safeStrncpy(char *restrict dest, const char *restrict src, size_t size) {
++   assert(size > 0);
++
++   size_t i = 0;
++   for (; i < size - 1 && src[i]; i++)
++      dest[i] = src[i];
++
++   dest[i] = '\0';
++
++   return i;
++}
+diff --git a/StringUtils.h b/StringUtils.h
+index d3378b3..22d0bd5 100644
+--- a/StringUtils.h
++++ b/StringUtils.h
+@@ -33,4 +33,6 @@ char* String_getToken(const char* line, const unsigned short int numMatch);
+ 
+ char* String_readLine(FILE* fd);
+ 
++size_t String_safeStrncpy(char *restrict dest, const char *restrict src, size_t size);
++
+ #endif
+diff --git a/interfaces.c b/interfaces.c
+index aa41d2a..312851b 100644
+--- a/interfaces.c
++++ b/interfaces.c
+@@ -22,6 +22,7 @@
+ 
+ #include "interfaces.h"
+ #include "Settings.h"
++#include "StringUtils.h"
+ 
+ #define BLEN 256
+ /*
+@@ -72,10 +73,10 @@ int ReadKeyValue( char *fname, char *key, char *value) {
+                             break;
+                 }
+                 *str_end = 0;
+-                strcpy(value, str);
++                String_safeStrncpy(value, str, sizeof(value));
+                 fd = 1;
+             } else {
+-                strcpy(value, str);
++                String_safeStrncpy(value, str, sizeof(value));
+                 fd = 1;
+             }
+         }
+@@ -107,7 +108,7 @@ int ReadTokenValue( char *fname, char *key, char *value) {
+                     str_end++;
+             }
+             *str_end = 0;
+-            strcpy(value, str);
++            String_safeStrncpy(value, str, sizeof(value));
+             fd = 1;
+         }
+     }
+@@ -154,7 +155,7 @@ int FindDataValueFromKey( char *fname, char *key, char *value) {
+             if (strcasecmp(str_start, key) == 0) {
+                 str = str_end + 1;
+                 str = trim(str);
+-                strcpy(value, str);
++                String_safeStrncpy(value, str, sizeof(value));
+                 printf("key: %s, value: %s\n", str_start, str);
+                 fd = 1;
+                 break;
diff --git a/packages/extras-buildpkgs/htop/debian/patches/series b/packages/extras-buildpkgs/htop/debian/patches/series
index a5a75309fe..084cfd3075 100644
--- a/packages/extras-buildpkgs/htop/debian/patches/series
+++ b/packages/extras-buildpkgs/htop/debian/patches/series
@@ -5,4 +5,5 @@ remove-fancy-flashing.patch
 fix-cpufreq-meter-on-biglittle.patch
 fix-cpufreq-meter-for-non-root.patch
 cpu-temperatute-from-hwmon.patch
+fix-unchecked-buffer-writes.patch
 

From 816187bd9e98f6beccdadda914a4267b071e3314 Mon Sep 17 00:00:00 2001
From: Piotr Szczepanik <piter75@gmail.com>
Date: Sun, 18 Apr 2021 22:16:07 +0200
Subject: [PATCH 2/2] Made clear what the patch fixes and add notes on code
 sources

---
 .../htop/debian/patches/avafinger-cpu-monitor.patch       | 8 ++++++++
 ...nchecked-buffer-writes-in-avafinger-cpu-monitor.patch} | 4 +++-
 packages/extras-buildpkgs/htop/debian/patches/series      | 3 +--
 3 files changed, 12 insertions(+), 3 deletions(-)
 rename packages/extras-buildpkgs/htop/debian/patches/{fix-unchecked-buffer-writes.patch => fix-unchecked-buffer-writes-in-avafinger-cpu-monitor.patch} (96%)

diff --git a/packages/extras-buildpkgs/htop/debian/patches/avafinger-cpu-monitor.patch b/packages/extras-buildpkgs/htop/debian/patches/avafinger-cpu-monitor.patch
index cd3b1a34a6..04970f56c9 100644
--- a/packages/extras-buildpkgs/htop/debian/patches/avafinger-cpu-monitor.patch
+++ b/packages/extras-buildpkgs/htop/debian/patches/avafinger-cpu-monitor.patch
@@ -1,3 +1,11 @@
+This patch file contains code from @avafinger's htop_2.2.2 repository.
+
+It is the result of diff between:
+https://github.com/avafinger/htop_2.2.2/commit/dc21e5f6
+and:
+https://github.com/hishamhm/htop/tree/2.2.0
+
+---
 diff --git a/Armbian_Meter.c b/Armbian_Meter.c
 new file mode 100644
 index 0000000..183032b
diff --git a/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch b/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes-in-avafinger-cpu-monitor.patch
similarity index 96%
rename from packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch
rename to packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes-in-avafinger-cpu-monitor.patch
index bdf21c06fc..d9d115c8b5 100644
--- a/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes.patch
+++ b/packages/extras-buildpkgs/htop/debian/patches/fix-unchecked-buffer-writes-in-avafinger-cpu-monitor.patch
@@ -55,11 +55,13 @@ diff --git a/StringUtils.c b/StringUtils.c
 index 0578cde..fd1c3db 100644
 --- a/StringUtils.c
 +++ b/StringUtils.c
-@@ -154,3 +154,15 @@ char* String_readLine(FILE* fd) {
+@@ -154,3 +154,17 @@ char* String_readLine(FILE* fd) {
        at = buffer + bufSize - step;
     }
  }
 +
++// Function borowed from upstream htop, see:
++// https://github.com/htop-dev/htop/blob/feec16cbb53dabc6a52ef2f69a6a13798be82617/XUtils.c#L196-L206
 +size_t String_safeStrncpy(char *restrict dest, const char *restrict src, size_t size) {
 +   assert(size > 0);
 +
diff --git a/packages/extras-buildpkgs/htop/debian/patches/series b/packages/extras-buildpkgs/htop/debian/patches/series
index 084cfd3075..9c1db79247 100644
--- a/packages/extras-buildpkgs/htop/debian/patches/series
+++ b/packages/extras-buildpkgs/htop/debian/patches/series
@@ -1,9 +1,8 @@
 780-fix-option-string.patch
 fix-linux-process.patch
 avafinger-cpu-monitor.patch
+fix-unchecked-buffer-writes-in-avafinger-cpu-monitor.patch
 remove-fancy-flashing.patch
 fix-cpufreq-meter-on-biglittle.patch
 fix-cpufreq-meter-for-non-root.patch
 cpu-temperatute-from-hwmon.patch
-fix-unchecked-buffer-writes.patch
-