procps/proc
Qualys Security Advisory 6fb2bbaa0d proc/readproc.c: Harden status2proc().
1/ Do not read past the terminating null byte when hashing the name.

2/ S[x] is used as an index, but S is "char *S" (signed) and hence may
index the array out-of-bounds. Bit-mask S[x] with 127 (the array has 128
entries).

3/ Use a size_t for j, not an int (strlen() returns a size_t).

Notes:

- These are (mostly) theoretical problems, because the contents of
  /proc/PID/status are (mostly) trusted.

- The "name" member of the status_table_struct has 8 bytes, and
  "RssShmem" occupies exactly 8 bytes, which means that "name" is not
  null-terminated. This is fine right now, because status2proc() uses
  memcmp(), not strcmp(), but it is worth mentioning.
2018-05-19 07:32:22 +10:00
..
alloc.c proc/alloc.*: Use size_t, not unsigned int. 2018-05-19 07:32:21 +10:00
alloc.h proc/alloc.*: Use size_t, not unsigned int. 2018-05-19 07:32:21 +10:00
COPYING miscellaneous: clean up trailing whitespace once again 2013-04-07 18:05:01 +10:00
devname.c proc/devname.c: Never write more than "chop" (part 2). 2018-05-19 07:32:21 +10:00
devname.h Change restrict to __restrict in public includes 2012-01-09 21:44:51 +11:00
escape.c proc/escape.c: Handle negative snprintf() return value. 2018-05-19 07:32:21 +10:00
escape.h Change restrict to __restrict in public includes 2012-01-09 21:44:51 +11:00
fprocopen.3 docs: Change name of fprocopen man page 2018-02-28 21:24:03 +11:00
libprocps.pc.in Renaming libprocfs to libprocps 2011-12-23 09:18:43 +11:00
libprocps.sym sysctl: Bring procio functions out of library 2018-03-01 21:25:04 +11:00
numa.c library: set stage for NUMA node field display support 2017-05-22 21:34:32 +10:00
numa.h library: build on non-glibc systems 2018-04-10 21:28:11 +10:00
openproc.3 documentation: fix man pages due to refactor for wchan 2015-06-19 19:09:21 +10:00
procps-private.h library: Change linux version 2015-06-19 21:00:46 +10:00
procps.h library: relocate the typedef used in alloc.h override 2017-12-23 17:41:37 +11:00
pwcache.c library: rename clashing pwcache functions 2016-07-06 22:26:02 +10:00
pwcache.h library: rename clashing pwcache functions 2016-07-06 22:26:02 +10:00
readproc.3 misc: result after checking all files for misspellings 2014-08-08 22:14:21 +02:00
readproc.c proc/readproc.c: Harden status2proc(). 2018-05-19 07:32:22 +10:00
readproc.h library: avoid QUICK_THREADS, swat Redhat bug #1284091 2016-07-09 13:23:27 +10:00
readproctab.3 misc: result after checking all files for misspellings 2014-08-08 22:14:21 +02:00
sig.c proc/sig.c: Harden print_given_signals(). 2018-05-19 07:32:21 +10:00
sig.h Change restrict to __restrict in public includes 2012-01-09 21:44:51 +11:00
slab.c proc/slab.c: Initialize struct slab_info in get_slabnode(). 2018-05-19 07:32:21 +10:00
slab.h proc/slab.h: Fix off-by-one overflow in sscanf(). 2018-05-19 07:32:21 +10:00
sysinfo.c proc/sysinfo.c: Ensure null-termination in getstat(). 2018-05-19 07:32:22 +10:00
sysinfo.h - Fixing sysinfo - devices with length exceeding 15 chars are not displayed in vmstat -d 2016-06-30 18:29:50 +02:00
version.c miscellaneous: remove some trailing whitespace buildup 2015-06-20 07:46:23 +10:00
version.h proc/version.h: Protect parameter in LINUX_VERSION() macro. 2018-05-19 07:32:21 +10:00
wchan.c misc: remove some trailing whitespace newly introduced 2016-12-07 21:50:59 +11:00
wchan.h library: refactor and rely on modern kernels for wchan 2015-06-19 19:09:20 +10:00
whattime.c proc/whattime.c: Always initialize buf. 2018-05-19 07:32:21 +10:00
whattime.h Add -p|--pretty option to uptime(1) for pretty output. 2012-02-22 10:35:12 -05:00