From b37f798df0c3a745dbc4c1fc8e98b070bcd3ecf3 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos
Date: Thu, 30 Nov 2006 13:36:33 +0000
Subject: [PATCH] Fix CVE-2006-5864.
2006-11-30 Carlos Garcia Campos
* ps/ps.c: (get_next_text):
Fix CVE-2006-5864.
---
 ChangeLog | 6 ++++++
 ps/ps.c | 6 ++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 40a70066..fdfb9e17 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-11-30 Carlos Garcia Campos
+
+ * ps/ps.c: (get_next_text):
+
+ Fix CVE-2006-5864.
+
 2006-11-22 Carlos Garcia Campos
 * shell/ev-history.c: (ev_history_finalize), (ev_history_class_init):
diff --git a/ps/ps.c b/ps/ps.c
index 30b9e567..b4b54e05 100644
--- a/ps/ps.c
+++ b/ps/ps.c
@@ -1231,7 +1231,8 @@ get_next_text(line, next_char)
 int level = 0;
 quoted = 1;
 line++;
- while(*line && !(*line == ')' && level == 0)) {
+ while(*line && !(*line == ')' && level == 0)
+ && (cp - text) < PSLINELENGTH - 1) {
 if(*line == '\\') {
 if(*(line + 1) == 'n') {
 *cp++ = '\n';
@@ -1302,7 +1303,8 @@ get_next_text(line, next_char)
 }
 }
 else {
- while(*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
+ while(*line && !(*line == ' ' || *line == '\t' || *line == '\n')
+ && (cp - text) < PSLINELENGTH - 1)
 *cp++ = *line++;
 }
 *cp = '\0';
-- 
2.43.5
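Review bot: An over-long token is now cut off silently in both loops of get_next_text (the quoted-string loop in the hunk at 1231 and the unquoted loop in the hunk at 1303): once `cp - text` reaches `PSLINELENGTH - 1`, copying stops with `line` still inside the token and nothing tells the caller. How `line` is handed back is outside these hunks (the function starts and ends beyond them), but the remainder will presumably be read as a separate token, so consider consuming the rest of the token or reporting the overflow. The guard is evaluated only at the top of each pass, so it is sufficient only while every branch of the quoted loop stores at most one byte per iteration, and it assumes `text` holds `PSLINELENGTH` bytes; neither is visible here. If `text` is an array in scope, `(size_t)(cp - text) < sizeof text - 1` ties the limit to the buffer itself, and a comment such as `/* stop one short: *cp = '\0' is stored after the loop */` would explain the `- 1`.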