Commit Graph

309 Commits

Author SHA1 Message Date
Qualys Security Advisory
6cf89d5065 0067-ps/sortformat.c: Avoid "sep_loc + 1" when sep_loc is NULL. 2018-06-09 21:45:38 +10:00
Qualys Security Advisory
f212e552d7 0066-ps/sortformat.c: Handle large width in aix_format_parse().
Unlikely to ever happen, since it would imply a very large string, but
better safe than sorry.

---------------------------- adapted for newlib branch
. now uses 'xmalloc' vs. unchecked stdlib 'malloc'
. the member 'need' was removed from 'format_node'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
281ac43e35 0065-ps/sortformat.c: Catch negative width in format_parse().
The existing strspn() check guarantees that the string contains no '-'
but atoi() does not catch errors, especially not integer overflows.
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
aad2b13690 0064-ps/sortformat.c: Double-check chars in verify_short_sort().
To avoid an out-of-bounds access at checkoff[tmp]. The strspn() at the
beginning of the function protects against it already, but double-check
this in case of some future change.
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
7bd4f0b6d7 0062-ps/display.c: Always exit from signal_handler().
Right now, "we _exit() anyway" is not always true: for example, the
default action for SIGURG is to ignore the signal, which means that
"kill(getpid(), signo);" does not terminate the process. Call _exit()
explicitly, in this case (rather than exit(), because the terminating
kill() calls do not call the functions registered with atexit() either).
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
6f7d610621 0061-ps/output.c: Always null-terminate outbuf in show_one_proc().
Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.

---------------------------- adapted for newlib branch
. adapted via 'patch' without rejections

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
c5bbe00770 0060-ps/output.c: Protect outbuf in various pr_*() functions.
pr_bsdstart(): Replace "strcpy(outbuf," with "snprintf(outbuf, COLWID,"
(which is used in all surrounding functions). (side note: the fact that
many pr_*() functions simply return "snprintf(outbuf, COLWID," justifies
the "amount" checks added to show_one_proc() by the "ps/output.c:
Replace strcpy() with snprintf() in show_one_proc()." patch)

pr_stime(): Check the return value of strftime() (in case of an error,
"the contents of the array are undefined").

help_pr_sig(): Handle the "len < 8" case, otherwise "sig+len-8" may
point outside the sig string.

pr_context(): Handle the empty string case, or else "outbuf[len-1]"
points outside outbuf.

---------------------------- adapted for newlib branch
. logic is quite different with 'stacks' vs. 'proc_t'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
0bd44bc76e 0059-ps/output.c: Enforce a safe range for max_rightward.
Enforce a maximum max_rightward of OUTBUF_SIZE-1, because it is used in
constructs such as "snprintf(outbuf, max_rightward+1," (we could remove
the extra check at the beginning of forest_helper() now, but we decided
to leave it, as a precaution and reminder).

The minimum max_rightward check is not strictly needed, because it is
unsigned. However, we decided to add it anyway:

- most of the other variables are signed;

- make it visually clear that this case is properly handled;

- ideally, the minimum max_rightward should be 1, not 0 (to prevent
  integer overflows such as "max_rightward-1"), but this might change
  the behavior/output of ps, so we decided against it, for now.

Instead, we fixed the only function that overflows if max_rightward is
0. Also, enforce the same safe range for max_leftward, although it is
never used throughout the code-base.

---------------------------- adapted for newlib branch
. adapted via 'patch' without rejections

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
d9eb77bd68 0058-ps/output.c: Replace strcpy() with snprintf() in show_one_proc().
This strcpy() should normally not overflow outbuf, but names can be
overridden (via -o). Also, check "amount" in all cases.

---------------------------- adapted for newlib branch
. we don't use that 'likely/unlikely' crap in newlib

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
15c7fa7aba 0057-ps/output.c: Remove the page_shift variable.
It is static and not used anywhere.

---------------------------- adapted for newlib branch
. limited to whitespace/formatting differences

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
70351dd781 0056-ps/output.c: Check return value of mmap() in init_output().
We decided not to check the return value of the mprotect() calls,
because they are not vital to the operation of ps.

---------------------------- adapted for newlib branch
. many formatting/whitespace differences

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
5d7e7cf468 0055-ps/display.c: Harden show_tree().
1/ Do not go deeper than the size of forest_prefix[], to prevent a
buffer overflow (sizeof(forest_prefix) is roughly 128K, but the maximum
/proc/sys/kernel/pid_max is 4M). (actually, we go deeper, but we stop
adding bytes to forest_prefix[])

2/ Always null-terminate forest_prefix[] at the current level.

---------------------------- adapted for newlib branch
. logic is quite different with 'stacks' vs. 'proc_t'
. a commented out 'debug' line was no longer present

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
67c1ec4685 0054-ps/output.c: Fix outbuf overflows in pr_args() etc.
Because there is usually less than OUTBUF_SIZE available at endp.

---------------------------- adapted for newlib branch
. logic is quite different with 'stacks' vs. 'proc_t'
. ps no longer deals with the library 'FILL...' flags

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
43c4d553e6 0053-ps/output.c: Harden forest_helper().
This patch solves several problems:

1/ Limit the number of characters written (to outbuf) to OUTBUF_SIZE-1
(-1 for the null-terminator).

2/ Always null-terminate outbuf at q.

3/ Move the "rightward" checks *before* the strcpy() calls.

4/ Avoid an integer overflow in these checks (e.g., rightward-4).
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
9caf95c0bd 0052-ps/output.c: Handle negative snprintf() return value.
May happen if strlen(src) > INT_MAX for example. This patch prevents
escaped_copy() from increasing maxroom and returning -1 (= number of
bytes consumed in dst).

---------------------------- adapted for newlib branch
. formerly applied to proc/escape.c
. function was moved to ps/output.c

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
f44fe715bd 0048-ps/output.c: Make sure all escape*() arguments are safe.
The SECURE_ESCAPE_ARGS() macro solves several potential problems
(although we found no problematic calls to the escape*() functions in
procps's code-base, but had to thoroughly review every call; and this is
library code):

1/ off-by-one overflows if the size of the destination buffer is 0;

2/ buffer overflows if this size (or "maxroom") is negative;

3/ integer overflows (for example, "*maxcells+1");

4/ always null-terminate the destination buffer (unless its size is 0).

---------------------------- adapted for newlib branch
. formerly applied to proc/escape.c
. function was moved to ps/output.c

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Jim Warner
f0b245c794 ps: move other initialization code after setREL macros
While the previous patch concerned an essential change
to avoid dereferencing those NULL pointers, this patch
could be considered optional. For consistency, it just
puts all initialization logic after the setREL macros.

[ plus along the way some inter-function spacing was ]
[ standardized with just a single blank line between ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Jim Warner
26ab9ae143 ps: ensure functions not called prior to setREL macros
Under newlib design, ps must loop though all potential
print functions so as to gather the appropriate enum's
while establishing the 'relative' equivalent. The keys
to the setREL/chkREL macros are a NULL 'outbuf' param.

It's imperative that no other functions be called with
that NULL value. Unfortunately, several instances were
found where this was violated. They are now corrected!

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Jim Warner
292a4dd6fa ps/output.c: eliminate one irritating compiler warning
Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Sébastien Bigaret
5329984b2e ps: add times & cputimes format specifiers: cumulative CPU time in seconds
These format specifiers are to time & cputime what etimes is to etime.

Signed-off-by: Sébastien Bigaret <sebastien.bigaret@telecom-bretagne.eu>

References:
 procps-ng/procps!43
2018-03-02 22:19:40 +11:00
Jim Warner
22887a61e1 ps: changed to exploit a newly added UID used at login
This patch represents a newlib adaptation of the merge
request offered by Jan Rybar that is referenced below.

Reference(s):
https://gitlab.com/procps-ng/procps/merge_requests/57
https://bugzilla.redhat.com/show_bug.cgi?id=1518986

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-02-19 20:33:59 +11:00
Craig Small
91df65b9e7 docs: Document I idle state in ps and top
Linux 4.2 provided a new process state of I which is used for an idle
kernel thread. This new state means that kernel threads do not
contribute to the loadavg as they are no longer state D or S but I.

While both ps and top displayed this state, it wasn't documented in
either manual page until now.

References:
 https://bugs.debian.org/886967
 https://www.quora.com/What-does-mean-Linux-process-state-I-in-the-top-output
 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80ed87c8a9ca0cad7ca66cf3bbdfb17559a66dcf
2018-01-13 11:25:59 +11:00
Jim Warner
9ea0021070 ps: don't use '+' truncation indicator with multi-byte
The ps program generally supports multi-byte sequences
in strings representing user and group names. However,
should a multi-byte sequence span the maximum width of
a column, the '+' inserted by ps to signify truncation
will corrupt that sequence, misaligning the text line.

Unfortunately, there's insufficient info returned from
the escape_str function (who calls escape_str_utf8) to
provide a robust response. So, this commit will revert
to the old standby of displaying a number when the '+'
character would've corrupted that multi-byte sequence.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-10-02 22:23:13 +11:00
Jim Warner
fd95a61652 ps: have now added the NUMA node field display support
Reference(s):
https://gitlab.com/procps-ng/procps/issues/58

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-22 21:38:10 +10:00
Jim Warner
618a813baa misc: eliminate all those remaining gcc -Wall warnings
Reference(s):
proc/readproc.c: In function 'statm2proc'
proc/readproc.c:600:9: warning: variable 'num' set but not used [-Wunused-but-set-variable]

proc/stat.c: In function 'stat_derive_unique':
proc/stat.c:429:1: warning: no return statement in function returning non-void [-Wreturn-type]

ps/parser.c: In function 'arg_type':
ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

lib/signals.c: In function 'strtosig':
lib/signals.c:243:9: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
lib/signals.c:245:13: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

slabtop.c: In function 'print_summary':
slabtop.c:223:29: warning: unused variable 'stats' [-Wunused-variable]

watch.c: In function 'process_ansi':
watch.c:232:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
watch.c:235:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-22 21:38:10 +10:00
Jim Warner
66e8e2723d ps: finish purging those references to PIDS_WCHAN_ADDR
Aw shucks, not all support for this defunct enumerator
was removed via the commits shown below (but, is now).

[ what remained were just variables named after that ]
[ deprecated/deleted enumerator, but still & all ... ]

[ plus, i have left the doc/libproc.3 file untouched ]
[ since it already appears badly out of date anyway! ]

Reference(s):
. ps references partially purged
commit 66c4024d75
. enumerator purged from library
commit 912075605b

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-01-04 08:29:44 +11:00
Jim Warner
1c0d54e963 ps: now made responsive to 32 or 64-bit address widths
While a Debian bug report referenced below was limited
to the 'eip' and 'esp' fields, this patch also extends
address width adaptations to some other addresses too.

[ and, we do so in a far less invasive manner than a ]
[ redhat approach shown below adding two new fields! ]

Reference(s):
. new debian bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846361
. old redhat solution
https://bugzilla.redhat.com/show_bug.cgi?id=244152

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-12-07 22:07:00 +11:00
Martin Polednik
b3e8581a30 ps: recognize SCHED_DEADLINE 2016-11-21 21:56:37 +11:00
Jim Warner
66c4024d75 ps: respond to loss of that PIDS_WCHAN_ADDR enumerator
No longer will ps print nwchan as 'ffffff', '-' or '1'
since the proc/PID/stat wchan field didn't represent a
real address anyway. Rather, the field will henceforth
output a dash ('-'), the ps customary 'not available'.

That man document was also tweaked to better represent
actual behavior. An asterisk ('*') was never shown for
threaded tasks and that dash ('-') usually didn't mean
running tasks (sometimes associated with permissions).

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-10-16 08:23:38 +11:00
Jim Warner
86992bb58f ps: respond to loss of fields obsoleted with linux 2.6
Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-10-09 21:31:29 +11:00
Thomas Petazzoni
686550b305 ps/output.c: include <dlfcn.h> only when necessary
dlopen() functionality is only used when SELinux support is enabled, so
<dlfcn.h> only needs to be included when ENABLE_LIBSELINUX is
defined. This fixes the build in configurations where <dlfcn.h> is not
available.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-08-15 21:10:30 +10:00
Jim Warner
105058ae2d related: fix inconsistencies in result type references
This patch is a response to errors found in those type
references now that our library allows for validation.

In two cases, former assignments to a result structure
could no longer employ that VAL macro if validation is
active. Thus, direct reference to some stack was used.

For the record, those instances were to be found here:
. ps - uses PIDS_extra to store the cooked pcpu values
. top - uses PIDS_extra to store the forest view level

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-08-07 21:40:48 +10:00
Jim Warner
e0515e23e7 related: respond to VAL macro addition of context parm
Since the VAL macro now requires a 4th parameter, this
commit simply adds the 'info' context structure to it.

In some cases, that context structure needed to become
global, since it was referenced in multiple functions.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-08-07 21:40:48 +10:00
Jim Warner
51aef8f769 related: adapt for changes in result types, <PIDS> api
This patch is the response to changes in <pids> types.

These additional modifications were also incorporated.

. ps -------------------------------------------------
pr_wname was eliminated as it just duplicated pr_wchan
pr_wchan referenced WCHAN_ADDR in error, vs WCHAN_NAME
pr_nwchan referenced WCHAN_NAME, not proper WCHAN_ADDR

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-08-01 20:09:18 +10:00
Jim Warner
612f36189e related: change for lost 'PROCPS_' enumerator prefixes
With this patch we've completed a progression toward a
standard approach to naming conventions which follows:

* Only functions will begin with that 'procps_' prefix
. ........................................... examples
. procps_vmstat_get ()
. procps_diskstats_select ()
- ----------------------------------------------------

* Exposed structures begin with the module/header name
. ........................................... examples
. struct pids_info
. struct stat_reaped
- ----------------------------------------------------

* Item enumerators begin like structs, but capitalized
. ........................................... examples
. VMSTAT_COMPACT_FAIL
. MEMINFO_DELTA_ACTIVE

[ slabinfo varies slightly due to some item variants ]
. SLABINFO_extra
. SLABS_SIZE_ACTIVE
. SLABNODE_OBJS_PER_SLAB
[ could cure with a prefix of SLABINFO, but too long ]
- ----------------------------------------------------

* Other enumerators work exactly like item enumerators
. ........................................... examples
. PIDS_SORT_ASCEND
. STAT_REAP_CPUS_AND_NODES
- ----------------------------------------------------

* Macros and constants begin just like the enumerators
. ........................................... examples
. #define SLABINFO_GET
. #define DISKSTATS_TYPE_DISK
- ----------------------------------------------------

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-26 20:49:44 +10:00
Jim Warner
d7cbf3448f related: adapt to changes in 'context' structure names
Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-26 20:47:50 +10:00
Jim Warner
338166df57 misc: just eliminate several 'unused' warning messages
[ plus we also play catch up on some earlier changes ]
[ that impacted skill.c, after using --enable-skill! ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-26 07:59:48 +10:00
Jim Warner
a2c79b6237 misc: adapt others to struct layout change, <PIDS> api
With the change to struct pids_fetch, we'll just trade
some dot ('.') code for some pointer to ('->') syntax.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-28 21:11:25 +10:00
Jim Warner
428ef496a6 misc: adapt others to the changes in 'get' return type
Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-21 20:58:09 +10:00
Jim Warner
5f2570c384 misc: adapt pgms to pids_sort_order change, <PIDS> api
Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-09 20:51:06 +10:00
Jim Warner
911083bf76 ps+top: adapt for changes in results types, <PIDS> api
I've got nothing to add to the commit message but that
doesn't mean I won't produce perfectly justified text.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-16 19:58:20 +10:00
Jim Warner
56def1cbac misc: adapt others to changes in interface, <PIDS> api
I've got nothing to add to the commit message but that
doesn't mean I won't produce perfectly justified text.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-16 19:58:20 +10:00
Jim Warner
78043f6751 ps: ensuring procps_meminfo_new success, <MEMINFO> api
The 'new' function requires a NULL context pointer, so
when existing code worked, it was just a case of luck.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-12 21:13:47 +10:00
Craig Small
201208cbc1 ps: Output of nwchan is a number
For some time with enough compilier flags I have watched the
following warning drift by:
ps/output.c: In function ‘pr_nwchan’:
ps/output.c:658:41: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
   return snprintf(outbuf, COLWID, "%x", (unsigned)rSv(WCHAN_NAME, str, pp));

nwchan is supposed to be the address of where the process is sleeping,
not the name. Besides %x is a hex number not a string hence the warning.

nwchan now prints the address, in hex and GCC is happy.
2016-05-12 20:43:49 +10:00
Jim Warner
d94af0d07a misc: adapted other programs to changes, <MEMINFO> api
This patch just brings *most* other programs into line
with those changes recently made in the <meminfo> API.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-12 07:51:10 +10:00
Jim Warner
21360027e5 misc: adapt additional programs to changes, <STAT> api
This patch brings the ps program (very small impact) &
that vmstat program (major impact) into agreement with
the new <stat> API. In the case of the latter guy, the
many separate calls to 'get' should be replaced by one
single 'select' call obtaining all data in one stroke.

[ but, i was too tired to undertake that enhancement ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-05-08 21:12:22 +10:00
Craig Small
6b5cb345c5 library: procps_uptime() return value is a status
procps_uptime, previously just plain uptime() used to put the
uptime (as a double) in the first argument and return uptime
(as an int).

It meant if you ran
 myuptime2 = procps_uptime(&myuptime1, NULL);
You might get different results for myuptime1 and myuptime2 because
they are different types.

Most library calls use the return value to return the status,
procps_uptime was in the middle.

Until now.

This function will return 0 on success. If you want (for whatever
reason) uptime as an int then cast it.

All of the procps binaries didn't use the return value for uptime
except ps which set a variable to it but never used it anywhere.
2016-05-01 16:50:25 +10:00
Jim Warner
714ea69c6d misc: adapt others to a changed identifier, <pids> API
Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-04-19 20:38:18 +10:00
Craig Small
d916d5db86 library: re-arrange escape commands
escaped_copy(): only appears in ps, moved to ps/output.c
escape_strlist() only used in escape.c made static
escape_command() used in library, made internal
procps.h no longer includes escape.h

escape_str() used by library and ps so needs to be exported
definition put into procps.h including the odd define required.
Far from ideal to have it this way, will look at it another time
to have it all in, all out or split nicer so its not in the API;
perhaps a lib/ file?
2016-04-17 14:45:19 +10:00
Craig Small
ccb6ae8de1 library: cleanup of library includes
The includes used to define a lot of things a library include
should not. It was also a bit messy what was exposed in the library
and what was not.

get_pid_digits -> procps_pid_length and exported correctly

MALLOC attribute move into relevant .c files
NORETURN attribute moved to relevant .c, not used in library
PURE attribute removed, it wasn't used
KLONG/KLF/STRTOUKL were fixed for long, so now just use long

HIDDEN attribute removed. It was for 3 functions. The PROCPS_EXPORT
seems to do the same (opposite) thing.

likely/unlikely removed from most places, its highly debateable
this does anything useful as CPUs have gotten smarter about branches.

Re-arranged the includes, ALL external programs should just #include
<proc/procps.h> then proc/procps.h includes headers for files that
have exported functions. procps.h and the headers it includes should
not use items that are not exportable (e.g. hidden functions or
macros) they go in procps-private.h
2016-04-16 17:03:57 +10:00