Commit Graph

121 Commits

Author SHA1 Message Date
Jim Warner
f9a8009e27 library: avoid problems involving 'supgid' mishandling
Following that patch referenced below, the top SUPGRPS
field would produce a segmentation fault and ps SUPGRP
would often show "(null)". Such problems resulted from
some faulty logic in the status2proc() routine dealing
with 'Groups' (supgid) which served as a source field.

For many processes the original code produced an empty
string which prevented conversion to the expected "-".
Moreover, prior to release 3.3.15 such an empty string
will become 0 after strtol() which pwcache_get_group()
translates to 'root' yielding very misleading results.

So, now we'll check for empty '/proc/#/status/Groups:'
fields & consistently provide a "-" value for callers.

[ we'll also protect against future problems in that ]
[ new qualys logic by always ensuring valid 'supgrp' ]
[ pointers - logic which revealed our original flaw! ]

Reference(s):
. original qualys patch
0071-proc-readproc.c-Harden-supgrps_from_supgids.patch

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-05-31 22:02:03 +10:00
Qualys Security Advisory
14758ebc8f proc/readproc.c: Work around a design flaw in readeither().
readeither() caches (in new_p) a pointer to the proc_t of a task-group
leader, but readeither()'s callers can do pretty much anything with the
proc_t structure passed to and/or returned by this function. For
example, they can 1/ free it or 2/ recycle it (by passing it to
readeither() as x).

1/ leads to a use-after-free, and 2/ leads to unexpected behavior when
taskreader()/simple_readtask() is called with new_p equal to x (this is
not a theoretical flaw: 2/ happens in readproctab3() when want_task()
returns false and p is a group leader).

As a workaround, we keep a copy of new_p's first member (tid) in static
storage, and the next times we enter readeither() we check this "canary"
against the tid in new_p: if they differ, we reset new_p to NULL, which
forces the allocation of a new proc_t (the new "leader", or reference).

This always detects 2/ (because free_acquired(x,1) memsets x and hence
new_p); always detects 1/ if freed via free_acquired() and/or freeproc()
(very likely, otherwise memory may be leaked); probably detects 1/ even
if freed directly via free() (because the canary is the first member of
proc_t, likely to be overwritten by free()); but can not detect 1/ if
free() does not write to new_p's chunk at all.

Moreover, accessing new_p->tid to check the canary in case 1/ is itself
a use-after-free, so a better long-term solution should be implemented
at some point (we wanted to avoid intrusive and backward-incompatible
changes in this library function, hence this imperfect workaround).
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
94eebb03b5 proc/readproc.c: Prevent integer overflows in readproctab*().
If an integer overflow is about to be reached, call xalloc_err_handler()
(since it would have been caught by calloc() or reallocarray()) and then
exit(): these integer overflows are far from reachable, with the current
PID_MAX_LIMIT (2^22), so if they are there is something very wrong going
on. Note: we check the n_*alloc variables against INT_MAX even when they
are size_t because they are later stored as int in a struct proc_data_t.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
a013f6e020 proc/readproc.c: Fix double-free()s in readtask().
If QUICK_THREADS is not defined (it is not by default, but most
distributions enable it) and task_dir_missing is true (only on very old
kernels), then readtask() forgets to reset some of the struct proc_t t's
members, which later results in double-free()s in free_acquired().

For now, we simply synchronized the list of members to be reset with the
list of members freed in free_acquired().
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
1539c13507 proc/readproc.c: Fix use-after-free in readproctab2().
The memset() in the PROC_LOOSE_TASKS loop leaves a struct proc_t
uninitialized (the one at data+n_used), which leads to a use-after-free.

ps calls readproctab2(), but only if !TF_loose_tasks, and this U-A-F is
triggered only if PROC_LOOSE_TASKS, so there seems to be no vulnerable
call in the procps package itself (other users of the libprocps may be
vulnerable, though).
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
a4d82a2c2c proc/readproc.c: Harden openproc().
Replace xmalloc() with xcalloc().
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
19849a45e0 proc/readproc.c: Harden get_proc_stats().
Replace sprintf() with snprintf().
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
1b8ec51013 proc/readproc.c: Harden simple_nextpid().
Replace memcpy+strcpy with snprintf.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
263c0ebdd8 proc/readproc.c: Harden fill_cgroup_cvt().
Check the return value of snprintf(), otherwise dst may point
out-of-bounds when it reaches the end of the dst_buffer (the snprintf()
always returns 1 in that case, even if there is not enough space left),
and vMAX becomes negative and is passed to snprintf() as a size_t.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
6939463606 proc/readproc.c: Harden vectorize_this_str().
This detects an integer overflow of "strlen + 1", prevents an integer
overflow of "tot + adj + (2 * pSZ)", and avoids calling snprintf with a
string longer than INT_MAX. Truncate rather than fail, since the callers
do not expect a failure of this function.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
39dcf47bc8 proc/readproc.c: Harden read_unvectored().
1/ Prevent an out-of-bounds write if sz is 0.

2/ Limit sz to INT_MAX, because the return value is an int, not an
unsigned int (and because if INT_MAX is equal to SSIZE_MAX, man 2 read
says "If count is greater than SSIZE_MAX, the result is unspecified.")

3/ Always null-terminate dst (unless sz is 0), because a return value of
0 because of an open() error (for example) is indistinguishable from a
return value of 0 because of an empty file.

4/ Use an unsigned int for i (just like n), not an int.

5/ Check for snprintf() truncation.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
36c350f07c proc/readproc.c: Fix bugs and overflows in file2strvec().
Note: this is by far the most important and complex patch of the whole
series, please review it carefully; thank you very much!

For this patch, we decided to keep the original function's design and
skeleton, to avoid regressions and behavior changes, while fixing the
various bugs and overflows. And like the "Harden file2str()" patch, this
patch does not fail when about to overflow, but truncates instead: there
is information available about this process, so return it to the caller;
also, we used INT_MAX as a limit, but a lower limit could be used.

The easy changes:

- Replace sprintf() with snprintf() (and check for truncation).

- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and
  do break instead of return: it simplifies the code (only one place to
  handle errors), and also guarantees that in the while loop either n or
  tot is > 0 (or both), even if n is reset to 0 when about to overflow.

- Remove the "if (n < 0)" block in the while loop: it is (and was) dead
  code, since we enter the while loop only if n >= 0.

- Rewrite the missing-null-terminator detection: in the original
  function, if the size of the file is a multiple of 2047, a null-
  terminator is appended even if the file is already null-terminated.

- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)":
  originally, it was equivalent to "if (n < 0)", but we added "tot <= 0"
  to handle the first break of the while loop, and to guarantee that in
  the rest of the function tot is > 0.

- Double-force ("belt and suspenders") the null-termination of rbuf:
  this is (and was) essential to the correctness of the function.

- Replace the final "while" loop with a "for" loop that behaves just
  like the preceding "for" loop: in the original function, this would
  lead to unexpected results (for example, if rbuf is |\0|A|\0|, this
  would return the array {"",NULL} but should return {"","A",NULL}; and
  if rbuf is |A|\0|B| (should never happen because rbuf should be null-
  terminated), this would make room for two pointers in ret, but would
  write three pointers to ret).

The hard changes:

- Prevent the integer overflow of tot in the while loop, but unlike
  file2str(), file2strvec() cannot let tot grow until it almost reaches
  INT_MAX, because it needs more space for the pointers: this is why we
  introduced ARG_LEN, which also guarantees that we can add "align" and
  a few sizeof(char*)s to tot without overflowing.

- Prevent the integer overflow of "tot + c + align": when INT_MAX is
  (almost) reached, we write the maximal safe amount of pointers to ret
  (ARG_LEN guarantees that there is always space for *ret = rbuf and the
  NULL terminator).
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
ccf8de0874 proc/readproc.c: Harden file2str().
1/ Replace sprintf() with snprintf() (and check for truncation).

2/ Prevent an integer overflow of ub->siz. The "tot_read--" is needed to
avoid an off-by-one overflow in "ub->buf[tot_read] = '\0'". It is safe
to decrement tot_read here, because we know that tot_read is equal to
ub->siz (and ub->siz is very large).

We believe that truncation is a better option than failure (implementing
failure instead should be as easy as replacing the "tot_read--" with
"tot_read = 0").
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
344f6d3c0e proc/readproc.c: Harden stat2proc().
1/ Use a "size_t num" instead of an "unsigned num" (also, do not store
the return value of sscanf() into num, it was unused anyway).

2/ Check the return value of strchr() and strrchr().

3/ Never jump over the terminating null byte with "S = tmp + 2".
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
20269a4129 proc/readproc.c: Harden supgrps_from_supgids().
1/ Prevent an integer overflow of t.

2/ Avoid an infinite loop if s contains characters other than comma,
spaces, +, -, and digits.

3/ Handle all possible return values of snprintf().
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
6fb2bbaa0d proc/readproc.c: Harden status2proc().
1/ Do not read past the terminating null byte when hashing the name.

2/ S[x] is used as an index, but S is "char *S" (signed) and hence may
index the array out-of-bounds. Bit-mask S[x] with 127 (the array has 128
entries).

3/ Use a size_t for j, not an int (strlen() returns a size_t).

Notes:

- These are (mostly) theoretical problems, because the contents of
  /proc/PID/status are (mostly) trusted.

- The "name" member of the status_table_struct has 8 bytes, and
  "RssShmem" occupies exactly 8 bytes, which means that "name" is not
  null-terminated. This is fine right now, because status2proc() uses
  memcmp(), not strcmp(), but it is worth mentioning.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
27e45cf43b proc/readproc.c: Fix the unhex() function.
This function is unused (SIGNAL_STRING is defined by default, and if it
is not, procps does not compile -- for example, there is no "outbuf" in
help_pr_sig()) but fix it anyway. There are two bugs:

- it accepts non-hexadecimal characters (anything >= 0x30);

- "(c - (c>0x57) ? 0x57 : 0x30)" is always equal to 0x57.
2018-05-19 07:32:22 +10:00
Qualys Security Advisory
7941bb512a proc/readproc.c: Add checks to get_ns_name() and get_ns_id(). 2018-05-19 07:32:21 +10:00
Sven Eden
776b0791ba Add support for elogind
A session manager similar to logind from systemd.
See https://github.com/elogind/elogind

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2017-12-29 15:57:14 +11:00
Jim Warner
629fa81b57 misc: eliminate all those remaining gcc -Wall warnings
Reference(s):
proc/readproc.c: In function 'statm2proc'
proc/readproc.c:627:9: warning: variable 'num' set but not used [-Wunused-but-set-variable]

ps/output.c: In function 'pr_context':
ps/output.c:1273:14: warning: unused variable 'tried_load' [-Wunused-variable]
ps/output.c:1272:16: warning: unused variable 'ps_is_selinux_enabled' [-Wunused-variable]
ps/output.c:1272:16: warning: 'ps_is_selinux_enabled' defined but not used [-Wunused-variable]
ps/output.c:1273:14: warning: 'tried_load' defined but not used [-Wunused-variable]
ps/output.c:1837:18: warning: 'shortsort_array_count' defined but not used [-Wunused-const-variable=]
ps/output.c:1803:18: warning: 'aix_array_count' defined but not used [-Wunused-const-variable=]

ps/parser.c: In function 'arg_type':
ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

ps/sortformat.c: In function 'format_parse':
ps/sortformat.c:241:1: warning: label 'out' defined but not used [-Wunused-label]

ps/stacktrace.c:176:13: warning: 'stack_trace_sigsegv' defined but not used [-Wunused-function]

watch.c: In function 'process_ansi':
watch.c:234:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
watch.c:237:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-22 21:34:32 +10:00
Craig Small
639c58312b library: rename clashing pwcache functions
On MacOS the system already has user_from_uid and group_from_gid.
These are renamed pwcache_get_user and pwcache_get_group.

For the old library, pwcache_get_user needs to be exported
for skill.

References:
 https://gitlab.com/procps-ng/procps/issues/34

Signed-off-by: Craig Small <csmall@enc.com.au>
2016-07-06 22:26:02 +10:00
Jim Warner
5d54dc0d2e library: play catchup with a new proc_t 'cgname' field
Since we're about to break the ABI/API anyway, why not
go ahead and add yet another field to our proc_t which
the newlib branch has had for awhile. This then allows
the top program to offer 'control group name' and will
also permit a few reductions in that ps program logic.

And let's also clean up some unrelated warnings below.

Clang warnings:
proc/readproc.c:1178:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bool-conversion]
    if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
                                           ~~~~~~^~~~~~
proc/readproc.c:1205:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bool-conversion]
    if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
                                           ~~~~~~^~~~~~

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-07-06 21:33:17 +10:00
Jim Warner
32db4e99a6 library: make sure that the proc_t is now fixed length
The former variable length structure created potential
problems for library users like that referenced below.

We will now parallel the same approach newlib uses for
the configure options --enable-oomem & --with-systemd.
Thus, the --enable-oomem and OOMEM_ENABLE #define have
been eliminated and the --with-systemd option (#define
WITH_SYSTEMD) will hereafter impact one function only.

The proc_t struct itself will now *never* be impacted.

Reference(s):
https://gitlab.com/procps-ng/procps/issues/31

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-07 20:49:30 +10:00
Jim Warner
cb0e210930 library: exploit linux-4.5 resident memory enhancement
Since support already exists in the newlib branch this
represents an equivalent master branch implementation,
and this commit message is shared with 2 more patches.

Beginning with linux-4.5, the following new fields are
being added under that /proc/<pid>/status pseudo file:
 . RssAnon - size of resident anonymous memory
 . RssFile - size of resident file mappings
 . RssShmem - size of resident shared memory

p.s. Locked resident memory support was also added but
isn't directly related to the kernel 4.5 enhancements.

p.p.s. Archlinux, Debian-stretch and Fedora-23 already
are currently using a 4.5 linux kernel (as of 6/2/16).

Signed-off-by: Jim Warner <james.warner@comcast.net>
2016-06-07 20:49:30 +10:00
Craig Small
da715e3ca0 Replace %Lu with standard %llu
Multiple scanf()s use the GNU-permitted %Lu. This is not supported in
other libraries and isn't to the POSIX specification. The L modifier
is only used for floats in POSIX.

Replacing %Lu with %llu is the same for GNU libc (scanf(3) says as much)
but means other libraries will work fine.

Closes: #19

References:
 http://pubs.opengroup.org/onlinepubs/009695399/functions/fscanf.html
2016-03-03 21:43:52 +11:00
Jim Warner
0557504f9c library: add support for displaying LXC container name
This commit adds a lxc container name to every proc_t.
If a process is not running in a container, then a '-'
will be provided, making such a field always sortable.

Unlike other proc_t character pointers, lxc containers
will find many duplicate shared values. So rather than
strdup 'em (with a later free required upon reuse), we
try to keep track of those already seen and share that
address among all tasks running within each container.

We rely on the lines in the task's cgroup subdirectory
which may initially seem somewhat unsophisticated. But
the lxc library itself uses a similar approach when it
is called to list active containers. In that case, the
/proc/net/unix directory is parsed for the '/lxc' eye-
catcher, with potential complications from hashed path
and names that are too long (something we don't face).

[ too bad docker abandoned lxc - our commit won't do ]
[ anything for the users of those kind of containers ]

Reference(s):
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424253
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1424253

Signed-off-by: Jim Warner <james.warner@comcast.net>
2015-06-14 15:36:05 +10:00
Fredrik Fornwall
00279d692a Use <dirent.h> instead of <sys/dir.h>
Using <dirent.h> and struct dirent instead of <sys/dir.h> and struct direct
is preferred and works on Android which lacks sys/dir.h.

See:
http://pubs.opengroup.org/onlinepubs/009695399/basedefs/dirent.h.html
2014-08-26 16:01:57 +02:00
Jim Warner
9d8ad6419f library: generalize then add former 'ps' systemd logic
Signed-off-by: Jim Warner <james.warner@comcast.net>
2014-07-17 13:31:06 +02:00
Jaromir Capik
ae9676a337 library: skip replacement of trailing '\0' in read_unvectored()
Under some circumstances the ksh shell doesn't fork new processes
when executing scripts and the script is interpreted by the
parent process. That makes the execution faster, but it means
ksh needs to reuse the /proc/PID/cmdline for the new script name
and arguments while the file length needs to stay untouched.
The fork is skipped only when the new cmdline is shorter than
the parent's cmdline and the rest of the file is filled
with '\0'. This is perfectly ok until we try to read the cmdline
of such process. As the read_unvectored() function replaces
all zeros with chosen separator, these trailing zeros are replaced
with spaces in case of the ps tool. Consequently it appends
multiple spaces at the end of the arguments string even when these
zeros do not represent any separators and therefore shouldn't
be replaced.
With this commit the read_unvectored() function skips the
replacement of trailing zeros and separates valid content only.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1057600
2014-01-24 18:32:20 +01:00
Jim Warner
583cdaca1a library: normalize recently added namespaces interface
While 'invisible' thread subdirectories are accessible
under /proc/ with stat/opendir calls, they have always
been treated as non-existent, as is true with readdir.

This patch trades the /proc/#/ns access convention for
the more proper /proc/#/task/#/ns approach when thread
access is desired. In addition some namespace code has
been simplified and made slightly more efficient given
the calloc nature of proc_t acquisition and its reuse.

Reference(s):
commit a01ee3c0b3

Signed-off-by: Jim Warner <james.warner@comcast.net>
2013-11-25 20:57:32 +11:00
Craig Small
dd6f24dbed Merge commit 'refs/merge-requests/13' of git://gitorious.org/procps/procps into merge-requests/13
Conflicts:
	pgrep.c
	ps/output.c
	ps/ps.1
2013-09-11 21:34:05 +10:00
Jim Warner
95d0136281 library: dynamic buffer management even more efficient
One recent patch to dynamic buffer management involved
over-allocating the buffer increase to lessen calls to
xrealloc. That was successful, but the actual increase
amount did not attempt to optimize size or alignments.

With this commit, we'll copy an approach recently used
by the top program and round up buffer sizes to 1 KiB.
More importantly, while buffers are quickly reaching a
KiB optimum multiple, no memcpy will ever be employed!

To illustrate just how effective top's algorithm would
be, just change the initial and subsequent allocations
from the current 1024 bytes to just a single byte then
add an fprintf.  Those one byte reallocations while on
the way to optimum buffer size will be a one-time cost
and won't represent any recurring performance penalty.

( gosh, that top program *must be* one fart smeller, )
( or was that a smart feller, i can't remember which )

Reference)s):
commit 6d605f521c
commit a45dace4b8

Signed-off-by: Jim Warner <james.warner@comcast.net>
2013-04-24 08:29:22 +10:00
Aristeu Rozanski
a01ee3c0b3 procps: add support for linux namespaces
Each process in Linux has a /proc/<pid>/ns directory which contains
symbolic links to pipes that identify which namespaces that process
belongs to. This patch adds support for ps to display that information
optionally.

Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
2013-04-16 15:05:21 -04:00
Jim Warner
526bc5dfa9 library: avoid SEGV if file2str should read zero bytes
When utility buffers were introduced for file2str read
requests, a subtle change was inadvertently introduced
such that a read of zero no longer returns a -1 value.

This commit ensures that zero bytes read returns a -1.

And although the solution differs from a merge request
submitted by sergey.senozhatsky@gmail.com, a thank you
is offered for revealing this potential abend problem.

References(s):
commit a45dace4b8
http://gitorious.org/procps/procps/merge_requests/11

Signed-off-by: Jim Warner <james.warner@comcast.net>
Signed-off-by: Craig Small <csmall@enc.com.au>
2013-04-07 17:35:49 +10:00
Jim Warner
6d605f521c library: make dynamic buffer management more efficient
When dynamic buffers were recently introduced for read
of the status, stat and statm subdirectories one extra
call to read() was required for end-of-file detection.

This patch avoids most all such extra calls to read().

Additionally, the frequency of memory reallocations is
reduced by overallocating each increase more than 25%.

Reference)s):
commit a45dace4b8

Signed-off-by: Jim Warner <james.warner@comcast.net>
Signed-off-by: Craig Small <csmall@enc.com.au>
2013-04-07 17:35:49 +10:00
Gilles Espinasse
a75f698977 procps-ng : fix readproc gnu_scanf format warnings
readproc.c: In function 'stat2proc' :
readproc.c:516: warning: use of assignment suppression and length modifier together in gnu_scanf format
readproc.c:516: warning: use of assignment suppression and length modifier together in gnu_scanf format

Signed-off-by: Gilles Espinasse <g.esp@free.fr>
2013-03-26 20:53:35 +11:00
Jim Warner
a45dace4b8 library: utility buffers now immune to buffer overflow
A recent Debian bug report, dealing with release 3.2.8
and its even more restrictive buffer sizes (1024) used
in stat, statm and status reads via file2str calls, is
a reminder of what could yet happen to procps-ng. Size
needs are determined by kernel evolution and/or config
options so that bug could resurface even though buffer
size is currently 4 times the old procps-3.2.8 limits.

Those sizes were raised from 1024 to 4096 bytes in the
patch submitted by Eric Dumazet, and referenced below.

This patch makes libprocps immune to future changes in
the amount of stuff that is ultimately found in a proc
'stat', 'statm' or 'status' subdirectory. We now trade
the former static buffer of 4096 bytes for dynamically
allocated buffers whose size can be increased by need.

Even though this change is solely an internal one, and
in no way directly affects the API or the ABI, libtool
suggests that the LIBprocps_REVISION be raised. I hope
Craig remembers to do that just before a next release.

We don't want a repeat of the procps-ng-3.3.4 boo-boo,
but with no API/ABI impact that probably can't happen.

p.s. A big thanks to Jaromir Capik <jcapik@redhat.com>
who reviewed my original version and, of course, found
some of my trademark illogic + unnecessary code. After
his coaxing, he helped make this a much better commit.

Reference(s):
. procps-3.2.8
http://bugs.debian.org/702965
. allow large list of groups
commit 7933435584

Signed-off-by: Jim Warner <james.warner@comcast.net>
Reviewed by:   Jaromir Capik <jcapik@redhat.com>
2013-03-23 16:00:02 +01:00
Eric Dumazet
7933435584 ps: allow large list of groups
Current linux kernels output no more than 32 groups
in /proc/{pid}/status.

Plan is to increase this limit.

This patch allows ps to not core dump if the buffer used to read status
file was too small.

# ps aux
Signal 11 (SEGV) caught by ps (procps-ng version 3.3.3).
ps:display.c:59: please report this bug

Also increases the size of the buffer from 1024 to 4096, since even with
32 groups we are close to the limit.

cat /proc/12731/status | wc
     39     128     961

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
2012-10-24 21:43:37 +11:00
Jim Warner
348e6091cb library: add a single vector string choice for 'environ'
In preparation for top scrollable environment display,
the new flag PROC_EDITENVRCVT was added to mirror the
existing single vector string handling for cgroup and
cmdline.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-08-29 17:34:54 +10:00
Jim Warner
f4666e1743 library: lift 1024 byte restriction on control groups
The control group hierarchies for any particular task
could conceivably grow quite large.  However, the
library might impose an arbitrary limit of 1024 bytes
via fill_cgroup_cvt.

Two utility buffers of 128 KiB each were already
available for command line use.  This commit simply
trades the smaller 1024 byte stack based buffers for
those much larger existing ones.  Thus, truncation
can be avoided with no additional run-time costs.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-08-29 17:27:50 +10:00
Jim Warner
8b64b36bbf library: standardize handling of cgroup, supgid
Some inconsistencies have emerged during development
of support for these relatively new proc_t fields.

For example, a PROC_FILLCGROUP flag (via file2strvec)
could return NULL in cgroup whereas PROC_EDITCGRPCVT
(via fill_cgroup_cvt) *almost* guaranteed a return
address (as is true for PROC_EDITCMDLCVT and cmdline).
But even PROC_EDITCGRPCVT could return NULL if the
kernel version was less than 2.6.24.  Then with NULL
ps would display a "-" while top would show "n/a".

And while unlikely, with the PROC_FILLSTATUS flag (via
status2proc) a NULL supgid address was theoretically
possible and both ps and top would then show "n/a".

This commit standardizes the following usage:
  . PROC_FILLSTATUS         (via status2proc)
      guarantees a valid supgid address
      representing either a true comma
      delimited list or "-"
  . PROC_FILLCGROUP  plus
    PROC_EDITCGRPCVT        (via fill_cgroup_cvt)
      guarantees a cgroup single vector
      representing either a true control
      group hierarchy or "-"

And as was true before, the following remains true:
    PROC_FILLCOM     or
    PROC_FILLARG            (via file2strvec)
      may return a NULL cmdline pointer
  . PROC_FILLCGROUP         (via file2strvec)
      may return a NULL cgroup pointer
  . PROC_FILLCOM     or
    PROC_FILLARG     plus
    PROC_EDITCMDLCVT        (via fill_cmdline_cvt)
      guarantees a cmdline single vector
      representing either a true command
      line or a bracketed program name
  . PROC_FILLSTATUS  plus
    PROC_FILLSUPGRP         (via supgrps_from_supgids)
      guarantees a valid supgrp address
      representing either a true comma
      delimited list or "-"

Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-08-29 17:26:13 +10:00
Sami Kerola
ce61089059 docs: clarification to license headers in files
Add license header to all files.  The summary of licensing is below,
taken from Craig Small's email which is referred in commit message
tail.

sysctl and pgrep are GPL 2+
The rest is LGPL 2.1+

Reference: http://www.freelists.org/post/procps/Incorrect-FSF-address-in-the-license-files,8
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=797962
CC: Craig Small <csmall@enc.com.au>
CC: Jaromir Capik <jcapik@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
2012-03-03 18:41:11 +11:00
Craig Small
16329a7c3c libprocps-ng: readproc.c: some type conversion help
Return if unable to open /proc

A patch from Debian.

Backported-by: Sami Kerola <kerolasa@iki.fi>
2011-12-18 22:50:40 +11:00
Daniel Novotny
5d29bfedc8 pwdx & libprocps-ng: Hurd does not have MAX_PATH defined
A patch from Debian.

Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=485243
Bug-Debian: http://bugs.debian.org/588677
Backported-by: Sami Kerola <kerolasa@iki.fi>
2011-12-18 22:30:00 +11:00
Armin van Buuren
90b201f1f4 libproc-ng: prettyfy proc mount messages
A patch from Gentoo.

Bug-Gentoo: https://bugs.gentoo.org/138029?id=138029
Bug-Gentoo: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-process/procps/files/procps-3.2.7-proc-mount.patch?revision=1.1&view=markup
Bug-Gentoo: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-process/procps/files/procps-3.2.7-proc-mount.patch?revision=1.1&view=markup
Backported-by: Sami Kerola <kerolasa@iki.fi>
2011-12-18 10:58:02 +11:00
Jim Warner
c3a1239efe library: once again properly ignore a final empty cgroup
Commit a5881b5a4e, addressing
command lines with a trailing space, produced an undesirable
side effect in the fill_cgroup_cvt() function.

This patch restores correct cgroup behavior while still
producing command lines with no trailing space.
2011-12-14 23:02:51 +11:00
Jim Warner
e048aa0e7e library: eliminate one redundant 'extern' qualifier 2011-12-11 22:27:19 +11:00
Jim Warner
a5881b5a4e library: create cmdlines consistently with no trailing space
When PROC_FILLARG was used (invoking file2strvec)
command lines contained no trailing space.

When PROC_EDITCMDLCVT was used (invoking read_unvectored)
command lines contained a trailing space.

Now both routes to a cmdline act the same -- no trailing space.
2011-12-11 22:27:12 +11:00
Jim Warner
ed59472307 library: provide for huge cmdlines, like old libproc
The CodingStyle document suggests programs should allow for
cmdlines of at least 128k.  Only the ps program can display
such a cmdline, and only with multiple -w switches.

The library function file2strvec can essentially return
a cmdline of unlimited length.  However, the library function
fill_cmdline_cvt used an arbitrary upper limit of 2048 for
buffers automatically allocated on the stack.

This patch raises the fill_cmdline_cvt upper limit to 128k via
dymaically acquired utility buffers ensured by the openproc
function.

It also makes indentation consistent in the openproc function.
2011-12-11 22:27:06 +11:00
Jim Warner
827334870d library: exploit enhanced library memory allocation provisions
There were numerous library memory allocation inconsistencies.
Some were checked for failure and others were not.

All library source modules were modified to utilize the alloc.h
memory rouines which are consistent in dealing with errors.
2011-12-11 22:26:55 +11:00