18 Commits

Author SHA1 Message Date
Qualys Security Advisory
1e48648b82 0051-proc/escape.c: Prevent buffer overflows in escape_command().
This solves several problems:

1/ outbuf[1] was written to, but not outbuf[0], which was left
uninitialized (well, SECURE_ESCAPE_ARGS() already fixes this, but do it
explicitly as well); we know it is safe to write one byte to outbuf,
because SECURE_ESCAPE_ARGS() guarantees it.

2/ If bytes was 1, the write to outbuf[1] was an off-by-one overflow.

3/ Do not call escape_str() with a 0 bufsize if bytes == overhead.

4/ Prevent various buffer overflows if bytes <= overhead.
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
1eddce14c3 0050-proc/escape.c: Prevent integer overflows in escape_str_utf8().
Simply rearrange the old comparisons. The new comparisons are safe,
because we know from previous checks that:

1/ wlen > 0

2/ my_cells < *maxcells (also: my_cells >= 0 and *maxcells > 0)

3/ len > 1

4/ my_bytes+1 < bufsize (also: my_bytes >= 0 and bufsize > 0)
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
8f49e98a3f 0049-proc/escape.c: Handle negative wcwidth() return value.
This should never happen, because wcwidth() is called only if iswprint()
returns nonzero. But belt-and-suspenders, and make it visually clear
(very important for the next patch).
2018-06-09 21:35:19 +10:00
Qualys Security Advisory
1ecf125d3f 0048-proc/escape.c: Make sure all escape*() arguments are safe.
The SECURE_ESCAPE_ARGS() macro solves several potential problems
(although we found no problematic calls to the escape*() functions in
procps's code-base, but had to thoroughly review every call; and this is
library code):

1/ off-by-one overflows if the size of the destination buffer is 0;

2/ buffer overflows if this size (or "maxroom") is negative;

3/ integer overflows (for example, "*maxcells+1");

4/ always null-terminate the destination buffer (unless its size is 0).

---------------------------- adapted for newlib branch
. the escape.c now has just a single exported function
. thus SECURE_ESCAPE_ARGS() is needed in only 2 places
. unlike that original patch, macro is executed 1 time
( not like 'escape_command' calling 'escape_strlist' )
( which might then call 'escape_str' multiple times! )

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
Jim Warner
3ac040d047 library: revert one ancient 'escape_str_utf8' deletion
Profiling revealed a large amount of time spent in the
'escape_str_utf8' function (escape.c) with both of our
NLS branches (newlib and master). That same result was
not seen under an ancient top-3.2.8 program & library.

Well, the 3.2.8 result was ultimately explained by the
absence of a 'setlocale', necessary under NLS support.
Thus, when that ancient library tested for locale, all
it got was 'ANSI_...' & assumed 'UTF-8' wasn't active.

But after a hack to that ancient code to place it on a
par with newlib/master, I still found cost differences
that led me to revisit an old change referenced below.

It turns out that 'iswprint' costs far more than would
a call of 'isprint', even with the extra support code.
So this commit just reverts that five year old change.

Reference(s):
commit 7b0fc19e9d

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-08-23 21:11:09 +10:00
Craig Small
d916d5db86 library: re-arrange escape commands
escaped_copy(): only appears in ps, moved to ps/output.c
escape_strlist() only used in escape.c made static
escape_command() used in library, made internal
procps.h no longer includes escape.h

escape_str() used by library and ps so needs to be exported
definition put into procps.h including the odd define required.
Far from ideal to have it this way, will look at it another time
to have it all in, all out or split nicer so it's not in the API;
perhaps a lib/ file?
2016-04-17 14:45:19 +10:00
Jim Warner
7888f6a679 miscellaneous: clean up trailing whitespace once again
An earlier commit attempted to cleanse our environment
of all useless trailing whitespace. But the effort did
not catch 'empty' lines with a single space before ^J.

This commit hopefully finishes off the earlier effort.
In the meantime, let's pray that contributors' editors
are configured so that such wasted crap is disallowed!

Reference(s):
commit fe75e26ab6

Signed-off-by: Jim Warner <james.warner@comcast.net>
2013-04-07 18:05:01 +10:00
Jim Warner
fe75e26ab6 miscellaneous: clean up trailing whitespace throughout
The entire tree's polluted with inappropriate trailing
whitespace. This commit rids our environment of all of
those useless keystrokes. Unfortunately, it sure ain't
a permanent solution and requires every contributor to
instruct their editor(s) to prevent or eliminate them.

Plus it's strongly recommended we all insert something
like what's shown below to our '.gitconfig' file so as
to provide at least some warnings when we try to apply
any patches (git am) that do contain the #@!%& things!

Reference(s):
~/.gitconfig excerpt ---------------------------------
[core]
  whitespace = trailing-space, space-before-tab, blank-at-eof
[apply]
  whitespace = warn
--------------------------------- ~/.gitconfig excerpt

Signed-off-by: Jim Warner <james.warner@comcast.net>
2013-03-14 12:36:47 +01:00
Sami Kerola
ce61089059 docs: clarification to license headers in files
Add license header to all files.  The summary of licensing is below,
taken from Craig Small's email which is referred to in the commit message
tail.

sysctl and pgrep are GPL 2+
The rest is LGPL 2.1+

Reference: http://www.freelists.org/post/procps/Incorrect-FSF-address-in-the-license-files,8
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=797962
CC: Craig Small <csmall@enc.com.au>
CC: Jaromir Capik <jcapik@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
2012-03-03 18:41:11 +11:00
Sami Kerola
c1fa3bfce8 misc: compiler warning fixes
Fix a few compiler warnings. Some of these warnings appeared multiple
times, and the listing below is more about which sort of errors
were fixed.

devname.c:87:12: warning: comparison of integers of different signs: 'int' and 'unsigned long'
output.c:389:36: warning: passing 'char **const' to parameter of type 'const char *const restrict *' discards qualifiers in nested pointer types
output.c:611:31: warning: comparison of integers of different signs: 'const unsigned long' and 'int'
stacktrace.c:33:37: warning: unused parameter 'signum'

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
2011-12-20 17:30:50 +01:00
Hamish Moffatt
86fe50d179 libproc-ng: support building without WCHAR support
The uClibc might not have wchar.

A patch from Buildroot.

Reference: http://git.buildroot.net/buildroot/tree/package/procps/procps-wchar.patch?id=fc333e7d083d144e0f8d1c4bac061b8de2ee7510
Backported-by: Sami Kerola <kerolasa@iki.fi>
2011-12-18 10:36:07 +11:00
Jim Warner
7b0fc19e9d enhanced libproc cgroup/cmdline support, exploited by top
Library Changes
. added PROC_EDITCMDLCVT flag
. added an internal (static) fill_cmdline_cvt function:
  - reads and "escapes" /proc/#/cmdline
  - returns result as a single string in a single vector
  - callers are guaranteed a cmdline (no more NULL)
. added vectorize_this_str function, exploited by
  fill_cgroup_cvt, fill_cmdline_cvt
. generalized read_cmdline function as read_unvectored, now
  exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline
  ( cgroup and cmdline no longer need be converted to string )
  ( vectors before being transformed to final representation )
. fixed bug regarding skipped group numbers (when enabled)
. escape_str made responsible for all single byte translation
  with distinction between control chars + other unprintable
. added escaped_copy function for already escaped strings
. reorganized parts of proc_t to restore formatting standards
  ( displacement changes shouldn't matter with new version # )
. former ZAP_SUSEONLY #define now OOMEM_ENABLE
. added to library.map: escaped_copy; read_cmdline

Top Program Changes
. exploited the new PROC_EDITCMDLCVT provision
. eliminated now obsolete #include "proc/escape.h"
. changed the P_WCH display format if no kernel symbol table
. fixed very old bug in lflgs for out-of-view sort fields
. former ZAP_SUSEONLY #define now OOMEM_ENABLE

Ps Program Changes
. exploited the new PROC_EDITCMDLCVT provision
. exploited the new escaped_copy function
. consolidated pr_args and pr_comm into pr_argcom

Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
albert
0fb81f5c39 display problem on 64-bit systems fixed
2005-01-05 21:11:21 +00:00
albert
c961f2604a leftovers in the 3.2.4 release
2004-11-04 20:50:59 +00:00
albert
8300609ba9 plenty -- see NEWS file and a diff
2004-07-15 01:17:15 +00:00
albert
b67dc52160 proc/escape.c works for ps
2002-12-21 13:07:53 +00:00
albert
d8367cbb3e still sig11 w/ "ps f"
2002-12-21 10:34:50 +00:00
albert
1158fdd1b1 checkpoint
2002-12-21 06:22:00 +00:00