Right now, if read() returns less than 127 bytes (the most likely case),
the end of the "string" buf will contain garbage from the stack, because
buf is always null-terminated at a fixed offset 127. This is especially
bad because the next operation is a strrchr().
Also, make sure that the whole /proc/PID/stat file is read, otherwise
its parsing may be unsafe (the strrchr() may point into user-controlled
data, comm). This should never happen with the current file format (comm
is very short), but be safe, just in case.
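A reader that follows both points of the message above, as an added example (not the procps code): terminate at the byte count read() returned, and refuse to parse unless EOF was seen. read_all(), after_comm(), read_sample() and the sample line are constructed for illustration.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Read fd to EOF into buf, NUL-terminating at the bytes actually read.
 * Returns the length, or -1 on error or if buf filled before EOF. */
static ssize_t read_all(int fd, char *buf, size_t bufsz)
{
    size_t used = 0;
    while (used + 1 < bufsz) {
        ssize_t n = read(fd, buf + used, bufsz - 1 - used);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        if (n == 0) {               /* EOF: the whole file is in buf */
            buf[used] = '\0';
            return (ssize_t)used;
        }
        used += (size_t)n;
    }
    return -1;  /* possibly truncated: strrchr() could land inside comm */
}

/* Fields after comm's closing ')'; only meaningful on a complete line. */
static const char *after_comm(const char *stat)
{
    const char *p = strrchr(stat, ')');
    return (p && p[1] == ' ') ? p + 2 : NULL;
}

/* Constructed sample, not real /proc output: comm is "evil) R 1".
 * It is fed through a pipe so read() works on a real descriptor. */
static const char SAMPLE[] = "1234 (evil) R 1) S 1 1234 1234 0 -1\n";
static ssize_t read_sample(char *buf, size_t bufsz)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    ssize_t w = write(fds[1], SAMPLE, sizeof(SAMPLE) - 1);
    close(fds[1]);
    ssize_t n = (w == (ssize_t)(sizeof(SAMPLE) - 1)) ? read_all(fds[0], buf, bufsz) : -1;
    close(fds[0]);
    return n;
}

int main(void)
{
    char buf[128];
    return (read_sample(buf, sizeof buf) > 0 && after_comm(buf)) ? 0 : 1;
}
```

With a 16-byte buffer the same sample is cut off at "1234 (evil) R 1", where the last ')' belongs to comm; read_all() returns -1 so that line is never handed to strrchr().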
First problem: saved_argc was used to calculate the size of the array,
but saved_argc was never initialized. This triggers an immediate heap-
based buffer overflow:
$ skill -c0 -c0 -c0 -c0
Segmentation fault (core dumped)
Second problem: saved_argc was not the upper bound anyway, because one
argument can ENLIST() several times (for example, in parse_namespaces())
and overflow the array as well.
Third problem: integer overflow of the size of the array.
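One way to rule out all three problems listed above, as an added example (not procps's ENLIST macro or its actual fix): grow the array on demand instead of sizing it from the argument count, and check the size arithmetic before allocating. struct pid_list, enlist() and enlist_many() are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct pid_list {       /* hypothetical stand-in for one of skill's arrays */
    int *items;
    size_t count;
    size_t cap;
};

/* Append one value. Capacity depends only on how many values were stored,
 * so one argument may enlist any number of times. Returns 0 on success,
 * -1 on allocation failure or if the byte size would overflow size_t. */
static int enlist(struct pid_list *l, int value)
{
    if (l->count == l->cap) {
        /* Guard both cap * 2 and (cap * 2) * sizeof(int). */
        if (l->cap > SIZE_MAX / 2 / sizeof(*l->items))
            return -1;
        size_t ncap = l->cap ? l->cap * 2 : 4;
        int *p = realloc(l->items, ncap * sizeof(*p));
        if (!p)
            return -1;
        l->items = p;
        l->cap = ncap;
    }
    l->items[l->count++] = value;
    return 0;
}

/* Models a single argument that expands to n entries. */
static int enlist_many(struct pid_list *l, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (enlist(l, (int)i) != 0)
            return -1;
    return 0;
}

int main(void)
{
    struct pid_list l = { NULL, 0, 0 };
    int rc = enlist_many(&l, 1000);     /* constructed workload */
    printf("rc=%d count=%zu cap=%zu\n", rc, l.count, l.cap);
    free(l.items);
    return rc;
}
```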
No need to "pid_count++;" because "ENLIST(pid," does it already. Right
now this can trigger a heap-based buffer overflow.
Also, remove the unneeded "pid_count = 0;" (it is static, and
skillsnice_parse() is called only once; and the other *_count variables
are not initialized explicitly either).
The memmove() itself does not move the NULL-terminator, because nargs is
decremented first. Copy how skill_sig_option() does it: decrement nargs
last, and remove the "if (nargs - i)" (we are in "while (i < nargs)").
man getline: "If *lineptr is set to NULL and *n is set 0 before the
call, then getline() will allocate a buffer for storing the line. This
buffer should be freed by the user program even if getline() failed."
The combined results of merge request #49 without that
overhead plus distortion in this repository's history.
Prototyped-by: Wayne Porter <wporter82@gmail.com>
The previous commit would not work in newlib. Further investigation
found a better way of parsing this extra option using optind.
References:
commit 536cea324b
kill -lHUP would work correctly, but kill -l HUP would not.
The list option in kill was hit by a quirk of getopt_long where an
option with an optional argument would not attempt to get the argument
beyond the space, even though a mandatory argument would do that.
The fix is a kludge to scan to the next argument and if it looks
like something we can use, use it. Lucky for us, the list option is
one where parsing can stop immediately.
Thanks to Brian Vandenberg for the way forward.
References:
http://stackoverflow.com/questions/1052746/getopt-does-not-parse-optional-arguments-to-parameters
https://bugs.debian.org/854407
On MacOS the system already has user_from_uid and group_from_gid.
These are renamed pwcache_get_user and pwcache_get_group.
For the old library, pwcache_get_user needs to be exported
for skill.
References:
https://gitlab.com/procps-ng/procps/issues/34
Signed-off-by: Craig Small <csmall@enc.com.au>
Shell kill would report a problem if you tried to kill a process
while procps kill was silent. This meant it looked like kill worked
when it actually failed.
References:
https://bugs.debian.org/733172
This makes a command such as `kill -TERM` or `kill -9` fail and print
usage, instead of silently succeeding.
The behavior is consistent with how `kill` behaves without an explicit
signal, or with the behavior of the `kill` builtin in a shell like bash.
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
Have skill_sig_option sanitize the command line by properly decrementing
*argc after moving the arguments to remove the -signal one.
One bug caused by this issue was when running `kill -1`, then the code
would interpret -1 as both SIGHUP and as process group -1 and send
SIGHUP to all of them. Or `kill -28` which would send SIGWINCH to
process group -2 (in another bug, the -pgid support only accepts a
single digit, fix for that bug will follow.)
This also reverts commit 7610b3128e ("skill: fix command line with
signal") which worked around this bug in `skill` and also removes the
"sigopt" hack which worked around this bug in `kill`.
The skill_sig_option implementation is compatible with signal_option()
from pgrep.c. I plan to factor them out into a single source file in a
follow up commit, to prevent the duplication.
This commit fixes the issues reported above. I also tested the issues
from commit 7610b3128e, `skill -9 -t pts/0` works as expected, also
tried `kill` with -signal and a number of pids and it worked as
expected.
Also tested that `make check` and `make distcheck` keep working.
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
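The argument removal described in the skill_sig_option message above, and in the earlier memmove() message that says to copy it, as an added example (not the procps source). remove_arg() and remove_arg_decrement_first() are hypothetical names; the second is reconstructed from the description of the broken ordering.

```c
#include <stdio.h>
#include <string.h>

/* Remove argv[i] from a NULL-terminated vector of *argc entries. The move
 * covers argv[i+1] .. argv[*argc], so the terminating NULL travels with it,
 * and *argc is decremented last. */
static void remove_arg(int *argc, char **argv, int i)
{
    if (i < 0 || i >= *argc)
        return;
    memmove(argv + i, argv + i + 1, sizeof(*argv) * (size_t)(*argc - i));
    (*argc)--;
}

/* Broken ordering: decrementing first makes the move one element short, so
 * the NULL stays behind and the old last argument remains at argv[*argc]. */
static void remove_arg_decrement_first(int *argc, char **argv, int i)
{
    (*argc)--;
    if (*argc - i)
        memmove(argv + i, argv + i + 1, sizeof(*argv) * (size_t)(*argc - i));
}

int main(void)
{
    /* Constructed vectors using the command line quoted in the messages. */
    char *good[] = { "skill", "-9", "-t", "pts/0", NULL };
    char *bad[]  = { "skill", "-9", "-t", "pts/0", NULL };
    int ngood = 4, nbad = 4;

    remove_arg(&ngood, good, 1);
    remove_arg_decrement_first(&nbad, bad, 1);
    printf("good: argc=%d argv[argc]=%s\n", ngood,
           good[ngood] ? good[ngood] : "(null)");
    printf("bad:  argc=%d argv[argc]=%s\n", nbad,
           bad[nbad] ? bad[nbad] : "(null)");
    return 0;
}
```

Code that walks argv until NULL rather than up to argc sees "pts/0" twice in the second vector.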
If skill was used with a signal number then it would interpret
the command line with last option interpreted twice. This often
confused the program so it just would end up killing nothing.
So this would work:
skill -t pts/0
This would not:
skill -9 -t pts/0
The kill path (in the same file) uses the same logic that has
been introduced here.
References: https://www.freelists.org/post/procps/skill-command-does-not-work-in-debian-7-releases
Signed-off-by: Craig Small <csmall@enc.com.au>
Minor fixes that the translator (Yuri) has found in some of the
strings. You only know how many typos and thinkos you have when
someone is trying to translate it.
Signed-off-by: Craig Small <csmall@enc.com.au>
Benno Schulenberg suggested some changes to the help messages
to provide some consistency and clarity for both the users and
translators of procps.
The test needed to be updated as the pmap output changed too.
Signed-off-by: Craig Small <csmall@enc.com.au>
Commit 4359cf0698 restored kill's ability
to kill PID -1. This however left PIDs -2 to -9 (or rather process
groups 2 to 9) still having this problem. The check is now generically
looking for a digit and parses it correctly.
Both the man page and the shell builtin kill mention you can
use PID -1, which means nuke everything you can get at.
Alas this "fun" option was missing and the only way to get
around it was with "kill -HUP -- -1".
This small change means kill -HUP -1 is back for all those
destructive types. The error was introduced when the argument
parser was fixed for other problems.
Thanks to Mike for pointing this out.
Signed-off-by: Craig Small <csmall@enc.com.au>
To assist translators, the help lines are split so that each translation
chunk has one option. This gives the bonus that if we add or change an option,
only that option remains untranslated rather than the entire help block.
Reference:
http://www.freelists.org/post/procps/procpsng-for-Translation-Project,1
Signed-off-by: Craig Small <csmall@enc.com.au>
Additional errors resulting from merge request #13 are
being addressed in this commit. They involve two cases
of trailing whitespace and one xwarnx printf type arg.
Reference(s):
http://gitorious.org/procps/procps/merge_requests/13
. earlier build-sys fix
commit e2242cb943
. original merge
commit dd6f24dbed
Signed-off-by: Jim Warner <james.warner@comcast.net>
In the same fashion of pgrep, introduce two new options:
--ns <pid>
--nslist <ns,...>
which allows processes to be filtered by namespace.
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
For portability, check for program_invocation_name during configure and
define HAVE_PROGRAM_INVOCATION_NAME accordingly. Use of this symbol is
now enclosed with the appropriate #ifdef block.
The symbol program_invocation_name is only used for error message
handling using error(), so it's safe to omit this if it is not
available.
skill.c:340:5: warning: no previous declaration for 'skill_sig_option' [-Wmissing-declarations]
skill.c:460:5: warning: no previous declaration for 'snice_prio_option' [-Wmissing-declarations]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Bug-Debian: http://bugs.debian.org/688731
kill would not permit negative PIDs and thought they were options. kill
now explicitly checks for unknown options and if they are numeric
assumes they are negative PIDs. The first negative PID stops any
further option processing.
Signed-off-by: Craig Small <csmall@enc.com.au>
If stream status is not checked at the end of execution, the problem
below would not report an error or a non-zero exit code. The uptime is
just an example; the same was true of all commands of the project.
$ uptime >&- ; echo $?
uptime: write error: Bad file descriptor
1
$ uptime >/dev/full ; echo $?
uptime: write error: No space left on device
1
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Commit 991b8a94f0 took getopt_long() into use, which means the code
that is related to the earlier selfmade argument parsing is unnecessary.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Command skill accepted earlier command name as argument. This did
not work since commit 991b8a94f0.
Reported-By: "Anne C. Hanna" <orion@ugcs.caltech.edu>
Bug-Debian: http://bugs.debian.org/659038
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Strings with lower caps & no trailing dots have a greater chance of
having multiple occurrences, meaning less effort for translators, than
strings with them.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
err and warn are BSD format but they are not recommended by library
developers. However their conciseness is useful!
The solution is to use some macros that create xerr etc which then
just map to the error() function. The next problem is error() uses
program_invocation_name so we set this to program_invocation_short_name.
This is a global set but seems to be the convention (or at least errors
are on the short name only) used everywhere else.
Add the following three functions to most of the commands.
setlocale (LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
Reference: http://www.freelists.org/post/procps/backporting,1
Reported-by: Jim Warner <james.warner@comcast.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The patch also removes fixed size of input, which can be problematic.
I do not know how long the string `yes' might be in all of the world's
languages.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Pretty much all of the warnings were caused by some of the previous
patches, and they became visible with gcc when compiling with:
CFLAGS="-O -g -ggdb -Wall -Wextra -pedantic -Wstrict-overflow
-Wformat -Wswitch-default -Wswitch-enum -Wsync-nand
-Wredundant-decls -Wuninitialized"
Signed-off-by: Sami Kerola <kerolasa@iki.fi>