380 Commits

Author SHA1 Message Date
Qualys Security Advisory
8136a7a664 proc/sysinfo.c: Prevent integer overflow of realloc() size. 2018-05-19 07:32:21 +10:00
Qualys Security Advisory
5b6ab39c6d proc/slab.c: Check correct number of items after sscanf(). 2018-05-19 07:32:21 +10:00
Qualys Security Advisory
3ccc6ed262 proc/slab.h: Fix off-by-one overflow in sscanf().
In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."

Add one byte to name[] for this terminator.
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
bf12b14db9 proc/sig.c: Harden print_given_signals().
And signal_name_to_number().
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
3244e7ddb0 proc/devname.c: Never write more than "chop" (part 2).
"chop" is the maximum offset where the null-byte should be written;
respect this even if about to write just one (non-null) character.
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
6b7ceb36a4 proc/devname.c: Never write more than "chop" characters.
This should be guaranteed by "tmp[chop] = '\0';" and "if(!c) break;" but
this patch adds a very easy belt-and-suspenders check.
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
730bdc33e7 proc/devname.c: Prevent off-by-one overflow in dev_to_tty(). 2018-05-19 07:32:21 +10:00
Qualys Security Advisory
9f59bd5c52 proc/devname.c: Use snprintf() in link_name().
Found no problematic use case at the moment, but better safe than sorry.
Also, return an error on snprintf() or readlink() truncation.
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
59666e6255 proc/version.h: Protect parameter in LINUX_VERSION() macro.
Just in case (no problematic use case at the moment).
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
f1077b7a55 proc/alloc.*: Use size_t, not unsigned int.
Otherwise this can truncate sizes on 64-bit platforms, and is one of the
reasons the integer overflows in file2strvec() are exploitable at all.
Also: catch potential integer overflow in xstrdup() (should never
happen, but better safe than sorry), and use memcpy() instead of
strcpy() (faster).

Warnings:

- in glibc, realloc(ptr, 0) is equivalent to free(ptr), but not here,
  because of the ++size;

- here, xstrdup() can return NULL (if str is NULL), which goes against
  the idea of the xalloc wrappers.

We were tempted to call exit() or xerrx() in those cases, but decided
against it, because it might break things in unexpected places; TODO?
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
98b79d1ef1 proc/alloc.c: Use vfprintf(), not fprintf().
This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:

user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20  .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439  allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d  780 bytes of mem
00000030: 6f72 79                                  ory
2018-05-19 07:32:21 +10:00
Qualys Security Advisory
7941bb512a proc/readproc.c: Add checks to get_ns_name() and get_ns_id(). 2018-05-19 07:32:21 +10:00
Qualys Security Advisory
3ce9f837a3 proc/sig.c: Fix the strtosig() function.
Do not memleak "copy" in case of an error.

Do not use "sizeof(converted)" in snprintf(), since "converted" is a
"char *" (luckily, 8 >= sizeof(char *)). Also, remove "sizeof(char)"
which is guaranteed to be 1 by the C standard, and replace 8 with 12,
which is enough to hold any stringified int and does not consume more
memory (in both cases, the glibc malloc()ates a minimum-sized chunk).
2018-05-19 07:32:21 +10:00
Craig Small
75bd099420 library: check not undef SIGLOST
sig.c had this odd logic where on non-Hurd systems it would undefine
SIGLOST. Fine for Hurd or amd64 Linux systems. Bad for a sparc which
has SIGLOST defined *and* is not Hurd.

Just check its defined, its much simpler.
2018-05-03 21:06:05 +10:00
Craig Small
5576c8e438 library: build on non-glibc systems
Some non-glibc systems didn't have libio.h or __BEGIN_DECLS
Changes to make it more standard.

References:
 issue #88
2018-04-10 21:28:11 +10:00
Craig Small
f46865eaf3 sysctl: fixup build system
Remove the external definition of the procio function.
2018-03-12 13:06:08 +11:00
Craig Small
c9be22a8c0 sysctl: Bring procio functions out of library
The procio functions that were in the library have been
moved into sysctl. sysctl is not linked to libprocps in
newlib and none of the other procps binaries would need
to read/write large data to the procfs.

References:
 be6b048a41b0a47ebed602d9e0993fe18c9de237
2018-03-01 21:25:04 +11:00
Craig Small
063838a7f5 docs: Change name of fprocopen man page
Add NEWS for sysctl large buffers
Rename manpage to fprocopen

References:
 be6b048a41b0a47ebed602d9e0993fe18c9de237
 procps-ng/procps!56
2018-02-28 21:24:03 +11:00
Werner Fink
e0ab7cff1f Add flexible buffered I/O based on fopencookie(3)
to be able to read and write large buffers below /proc.
The buffers and file offsets are handled dynamically
on the required buffer size at read, that is lseek(2)
is used to determine this size. Large buffers at
write are split at a delimeter into pieces and also
lseek(2) is used to write each of them.

Signed-off-by: Werner Fink <werner@suse.de>
2018-02-28 20:46:58 +11:00
Sven Eden
776b0791ba Add support for elogind
A session manager similar to logind from systemd.
See https://github.com/elogind/elogind

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2017-12-29 15:57:14 +11:00
James Clarke
bd72ba3a4b sig: Move runtime signal count check to compile time
Since the value of number_of_signals is known at compile time, we can
use a compile-time check instead. This also adds SIGLOST for the Hurd,
uses the correct signal counts for the Hurd and FreeBSD, and only gives
a compile-time warning when compiled on an unknown platform that it does
not know whether the number of signals is correct.
2017-12-23 17:48:36 +11:00
Jim Warner
0003d704ac library: relocate the typedef used in alloc.h override
There is no longer justification for placing a typedef
employed in overriding that alloc.h message handler in
the procps.h header file. So this commit just moves it
to the alloc.h header file itself where's it's needed!

[ gosh, sure wish i had thought to relocate this guy ]
[ when the changes in the 1st commit shown were made ]

Reference(s):
. most recent related changes
commit 18e5aecd2b61387ebd82c83f6f716e4c8e093272
. place where it *should* have been relocated
commit 2865ded64e72e0bec721dad9b442dab0899ee2b0

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-12-23 17:41:37 +11:00
Jim Warner
18e5aecd2b top: exploit msg handler override to avoid corrupt tty
Way back in November of 2011, the library was equipped
with an overridable error message handler function. It
was done expressly for a program like top which alters
the tty. But that support was withdrawn shortly after.

This was all done in the lead up to v3.3.2. That's the
release where NLS support was added and it represented
a hectic time. In hindsight, the changes went too far.

So this commit, in a minimal fashion, restores ability
to address a potential fatal library error. After all,
any properly behaving library would never unilaterally
subject a caller to a stderr message and then an exit.

[ when exposing 1 variable in libprocps.sym, 2 other ]
[ existing symbols were repositioned alphabetically. ]

Reference(s):
. generalized library memory provisions
commit 7126cc4491847ce5d50e603fe48666f94bfc60bf
. top exploit library memory provisions
commit 88087ec5a5968304d6461be2c2fbe05885ffdad8
. library xalloc type functions made private
commit 2865ded64e72e0bec721dad9b442dab0899ee2b0
. restored prior top memory logic
commit 05f5deb97c454b3558892ff4266efc81547f88d5

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-12-20 21:07:44 +11:00
Kyle Laker
5979696ada whattime: Fix formatting
Update formatting within the if block to two spaces
2017-09-23 17:32:29 +10:00
Kyle Laker
325d68b7c3 whattime: Show 0 minutes in pretty output
When supplying the -p command to uptime, it does not display any
sections where the value is less than 1; however, after a reboot, this
causes the command to just output "up". Showing 0 minutes when the
system has been up for less than a minute makes it clear a reboot just
occurred.
2017-09-23 17:32:29 +10:00
Wayne Porter
53e101452f Consolidated patch of previously merged CYGWIN support
The combined results of merge request #49 without that
overhead plus distortion in this repository's history.

Prototyped-by: Wayne Porter <wporter82@gmail.com>
2017-09-03 20:59:23 +10:00
Jim Warner
1a2ec0390a library: set stage for NUMA node field display support
In response to that suggestion referenced below, these
changes allow display of task/thread level NUMA nodes.

Currently, only the 'top' program offers any NUMA type
support and it is limited to the Summary Area display.
With this commit both the 'top' and 'ps' programs will
be able to display NUMA nodes associated with threads.

[ this patch has been adapted from the newlib branch ]
[ and implemented so as to preserve the existing ABI ]

Reference(s):
https://gitlab.com/procps-ng/procps/issues/58

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-22 21:34:32 +10:00
Jim Warner
629fa81b57 misc: eliminate all those remaining gcc -Wall warnings
Reference(s):
proc/readproc.c: In function 'statm2proc'
proc/readproc.c:627:9: warning: variable 'num' set but not used [-Wunused-but-set-variable]

ps/output.c: In function 'pr_context':
ps/output.c:1273:14: warning: unused variable 'tried_load' [-Wunused-variable]
ps/output.c:1272:16: warning: unused variable 'ps_is_selinux_enabled' [-Wunused-variable]
ps/output.c:1272:16: warning: 'ps_is_selinux_enabled' defined but not used [-Wunused-variable]
ps/output.c:1273:14: warning: 'tried_load' defined but not used [-Wunused-variable]
ps/output.c:1837:18: warning: 'shortsort_array_count' defined but not used [-Wunused-const-variable=]
ps/output.c:1803:18: warning: 'aix_array_count' defined but not used [-Wunused-const-variable=]

ps/parser.c: In function 'arg_type':
ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

ps/sortformat.c: In function 'format_parse':
ps/sortformat.c:241:1: warning: label 'out' defined but not used [-Wunused-label]

ps/stacktrace.c:176:13: warning: 'stack_trace_sigsegv' defined but not used [-Wunused-function]

watch.c: In function 'process_ansi':
watch.c:234:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
watch.c:237:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-22 21:34:32 +10:00
Jan Rybar
19649938ec Merge branch 'fix-99d71ad' into 'master'
Fix 99d71ad

My previous patch has a regression. Please merge the fix of regression.

This is based on the following post.
http://www.freelists.org/post/procps/fix-regression-created-by-99d71ad

See merge request !29
2016-12-20 15:01:18 +00:00
Jim Warner
dc8e89119a misc: remove some trailing whitespace newly introduced
The commit (merge) referenced below added some useless
trailing whitespace, and this patch will correct such.

[ this also updates the NEWS file for the buglet fix ]

Gosh, if folks cannot coax their editors into avoiding
such crap they should remove the '.sample' suffix from
their '.git/hooks/pre-commit.sample' file. Thereafter,
git itself will reject changes with whitespace errors.

Reference(s):
commit cc1f49aebacbe0a9b3f12744fd596669ffdb45aa

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-12-07 21:50:59 +11:00
Jan Rybar
fc7f60a6bc ps: removed stripping of prefixes off wchan data
resolves Red Hat Bugzilla #1322111
2016-11-22 16:58:14 +01:00
Takayuki Nagata
23ba442c88 libprocps: use float to calculate %use of slabtop
In some environments, 100 * nr_active_objs is calculated at first,
and the result of lower 32bits is divided by nr_objs. This occurs
even in a 64-bit architecture. So nr_active_objes > 42949672, %use
will be incorrect.

This fix casts type of nr_active_objs to float to calculate
correctly the %use in 32-bit/64-bit architectures.

Signed-off-by: Takayuki Nagata <tnagata@redhat.com>
2016-10-12 16:59:01 +09:00
Takayuki Nagata
636b48efd8 Revert "bprocps: fix order of operations for %use of slabinfo"
This reverts commit 99d71ad5810b8fbfab5c4c6be97f3e86953b6157.

When nr_active_objs / nr_objs is calculated, the result will be 1
or 0 since the variables are integer. So the commit is wrong.
2016-10-12 16:58:56 +09:00
Olof Sivertsson
586bfb7655 kill: Fix free() with bad pointer on SIG-prefixed signal-name
kill -l SIGHUP (or any other signal-name prefixed with "SIG")
would cause free() to be called with a bad pointer instead of
a pointer to what was allocated. Fix this and add test-case.
2016-09-08 22:32:18 +02:00
Jon Boden
8abd0c92ab library: Don't use SIGPWR on FreeBSD
FreeBSD doesn't have SIGPWR so makes no sense in warning and assuming
its 29.

References:
 https://bugs.debian/org/832148

Signed-off-by: Craig Small <csmall@enc.com.au>
2016-08-28 19:14:32 +10:00
Jim Warner
67a634dc4c library: revert one ancient 'escape_str_utf8' deletion
Profiling revealed a large amount of time spent in the
'escape_str_utf8' function (escape.c) with both of our
NLS branches (newlib and master). That same result was
not seen under an ancient top-3.2.8 program & library.

Well, the 3.2.8 result was ultimately explained by the
absence of a 'setlocale', necessary under NLS support.
Thus, when that ancient library tested for locale, all
it got was 'ANSI_...' & assumed 'UTF-8' wasn't active.

But after a hack to that ancient code to place it on a
par with newlib/master, I still found cost differences
that led me to revisit an old change referenced below.

It turns out that 'iswprint' costs far more than would
a call of 'isprint', even with the extra support code.
So this commit just reverts that five year old change.

[ this patch parallels a similar change under newlib ]

Reference(s):
commit 7b0fc19e9d28380dc9790615b93bc3653d6d686e

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-08-23 21:12:32 +10:00
Craig Small
1955657461 Merge branch 'find_elf_note_fix' into 'master'
Fixing invalid reads in find_elf_note due to setenv invocation

Resolves issue on mailing list from 12 Nov 2014 and Red Hat Bugzilla 1163404.

See merge request !20
2016-08-15 11:08:15 +00:00
Jan Rybar
ecabdaca41 Fixing invalid reads in find_elf_note due to setenv invocation
Resolves issue on mailing list and Red Hat Bugzilla 1163404.
2016-08-05 15:21:49 +02:00
Jan Rybar
c63a5a4af0 Fixing is_disk() which mistakes devices with name longer than 20 chars for partitions.
Associated with previous vmstat -d enhancement commit.
2016-08-04 13:55:01 +02:00
Craig Small
2e4959bab8 library: dont use vm_min_free on non-Linux systems
For a specific slice of kernel versions we can get a better
estimate of the available memory before the "real" available
figure appears around kernel 3.2

However, that middle method requires a /proc/sys/vm directory.
FreeBSD 9.x used to emulate a < 2.6.27 kernel procfs meaning
it never tried the middle method. FreeBSD 10.x emulates something
more modern, but without the available figure and without a
/proc/sys/vm, so the library falls into a hole.

Hurd may to one day have this bug so we'll exclude him as well
as its triggered by whatever number appears in
/proc/sys/kernel/osrelease

References:
 commit 3f3b1a59ada85d21f34530cfb1dc1c0afd70e6dc
 https://bugs.debian.org/831396
2016-07-17 09:06:24 +10:00
Jim Warner
25a6ecdbfb library: avoid QUICK_THREADS, swat Redhat bug #1284091
For this release, what's likely to be our last oldlib,
we really no longer care when top or ps threads access
is made a little less efficient. This is especially so
when efficiency was gained at the expense of accuracy.

The newlib branch already has turned off QUICK_THREADS
so this patch just brings the master branch into line.

Reference(s):
https://bugzilla.redhat.com/show_bug.cgi?id=1284091

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-09 13:23:27 +10:00
Craig Small
639c58312b library: rename clashing pwcache functions
On MacOS the system already has user_from_uid and group_from_gid.
These are renamed pwcache_get_user and pwcache_get_group.

For the old library, pwcache_get_user needs to be exported
for skill.

References:
 https://gitlab.com/procps-ng/procps/issues/34

Signed-off-by: Craig Small <csmall@enc.com.au>
2016-07-06 22:26:02 +10:00
Jim Warner
5d54dc0d2e library: play catchup with a new proc_t 'cgname' field
Since we're about to break the ABI/API anyway, why not
go ahead and add yet another field to our proc_t which
the newlib branch has had for awhile. This then allows
the top program to offer 'control group name' and will
also permit a few reductions in that ps program logic.

And let's also clean up some unrelated warnings below.

Clang warnings:
proc/readproc.c:1178:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bool-conversion]
    if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
                                           ~~~~~~^~~~~~
proc/readproc.c:1205:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bool-conversion]
    if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
                                           ~~~~~~^~~~~~

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-06 21:33:17 +10:00
Simon Tatham
365cb37029 library: find tty device name of process quicker
The procps library attempts to work out the tty of a process
through several methods. For things like /dev/tty123 or
/dev/foo it works fine.

For tty devices that put the minor number in a directory
of the major name this fails. So then we have to fallback
to stating things like the processes STDERR and try again.

Considering a lot of processes sit on ttys such as
/dev/pts/3 this is a lot of wasted time. At the point of
entering driver_name we know "/dev/pts" and we know "3"
we just didn't join them up the right way as this is old
code.

This change now looks for /dev/pts/3 as well. It does it
after looking for /dev/pts3 so the behaviour is the same.

References:
 https://bugs.debian.org/770215

Signed-off-by: Craig Small <csmall@enc.com.au>
2016-07-03 10:08:18 +10:00
Jan Rybar
47497dd240 - Fixing sysinfo - devices with length exceeding 15 chars are not displayed in vmstat -d 2016-06-30 18:29:50 +02:00
Jim Warner
32db4e99a6 library: make sure that the proc_t is now fixed length
The former variable length structure created potential
problems for library users like that referenced below.

We will now parallel the same approach newlib uses for
the configure options --enable-oomem & --with-systemd.
Thus, the --enable-oomem and OOMEM_ENABLE #define have
been eliminated and the --with-systemd option (#define
WITH_SYSTEMD) will hereafter impact one function only.

The proc_t struct itself will now *never* be impacted.

Reference(s):
https://gitlab.com/procps-ng/procps/issues/31

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-07 20:49:30 +10:00
Jim Warner
cb0e210930 library: exploit linux-4.5 resident memory enhancement
Since support already exists in the newlib branch this
represents an equivalent master branch implementation,
and this commit message is shared with 2 more patches.

Beginning with linux-4.5, the following new fields are
being added under that /proc/<pid>/status pseudo file:
 . RssAnon - size of resident anonymous memory
 . RssFile - size of resident file mappings
 . RssShmem - size of resident shared memory

p.s. Locked resident memory support was also added but
isn't directly related to the kernel 4.5 enhancements.

p.p.s. Archlinux, Debian-stretch and Fedora-23 already
are currently using a 4.5 linux kernel (as of 6/2/16).

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-07 20:49:30 +10:00
Takayuki Nagata
99d71ad581 bprocps: fix order of operations for %use of slabinfo
In some environments, 100 * nr_active_objs is calculated at first,
and lower 32bit of the result is divided by nr_objs.
If 100 * nr_active_objs > 42949672, %use will be incorrect.

Signed-off-by: Takayuki Nagata <tnagata@redhat.com>
2016-04-25 20:20:08 +10:00
Craig Small
da715e3ca0 Replace %Lu with standard %llu
Multiple scanf()s use the GNU-permitted %Lu. This is not supported in
other libraries and isn't to the POSIX specification. The L modifier
is only used for floats in POSIX.

Replacing %Lu with %llu is the same for GNU libc (scanf(3) says as much)
but means other libraries will work fine.

Closes: #19

References:
 http://pubs.opengroup.org/onlinepubs/009695399/functions/fscanf.html
2016-03-03 21:43:52 +11:00
Craig Small
05d751c4f0 free: use SReclaimable in cached
The previous commit added all of slab into the cache value. The
thing was is cached in this context is something you can get
back and reclaim if under memory pressure.

The problem was slab parameter includes both reclaimable and
unreclaimable values which doesn't make sense in this context.
This commit make cached only use the reclaimable component.

References:
 http://www.freelists.org/post/procps/OmegaPhilxxxxxxxxxxxxx-Bug799716-free-considers-cached-to-include-SUnreclaim
 https://github.com/brndnmtthws/conky/issues/130
 https://bugs.debian.org/799716

Commits:
 6cb75efef85f735b72e6c96f197f358f511f8ed9
2015-10-24 14:21:23 +11:00