procps/proc
Qualys Security Advisory 807498f899 0070-proc/readproc.c: Harden status2proc().
1/ Do not read past the terminating null byte when hashing the name.

2/ S[x] is used as an index, but S is "char *S" (signed) and hence may
index the array out-of-bounds. Bit-mask S[x] with 127 (the array has 128
entries).

3/ Use a size_t for j, not an int (strlen() returns a size_t).

Notes:

- These are (mostly) theoretical problems, because the contents of
  /proc/PID/status are (mostly) trusted.

- The "name" member of the status_table_struct has 8 bytes, and
  "RssShmem" occupies exactly 8 bytes, which means that "name" is not
  null-terminated. This is fine right now, because status2proc() uses
  memcmp(), not strcmp(), but it is worth mentioning.

---------------------------- adapted for newlib branch
. newlib doesn't use that 'unlikely' crap
. newlib also had a '#ifdef FALSE_THREADS'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
..
.gitignore tests: update template and add pids 2016-04-19 21:33:02 +10:00
COPYING miscellaneous: clean up trailing whitespace once again 2013-04-07 18:05:01 +10:00
devname.c 0040-proc/devname.c: Never write more than "chop" (part 2). 2018-06-09 21:35:19 +10:00
devname.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
diskstats.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
diskstats.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
escape.c 0051-proc/escape.c: Prevent buffer overflows in escape_command(). 2018-06-09 21:35:19 +10:00
escape.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
libprocps.pc.in Renaming libprocfs to libprocps 2011-12-23 09:18:43 +11:00
libprocps.sym library: provide for validating result type references 2016-08-07 21:40:48 +10:00
meminfo.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
meminfo.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
namespace.c library: ensure 'namespace' types treated consistently 2017-01-04 08:29:44 +11:00
namespace.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
numa.c library: set stage for NUMA node field display support 2017-05-22 21:38:10 +10:00
numa.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
pids.c library: expanded to provide for the UID used at login 2018-02-19 20:33:59 +11:00
pids.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
procps-private.h library: please keep procps-private.h free of #include 2016-06-11 11:50:37 +10:00
procps.h library: provide for validating result type references 2016-08-07 21:40:48 +10:00
pwcache.c library: eliminate all dependencies on alloc.h/alloc.c 2017-12-20 21:18:53 +11:00
pwcache.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
readproc.c 0070-proc/readproc.c: Harden status2proc(). 2018-06-09 21:35:19 +10:00
readproc.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
slabinfo.c 0042-proc/slab.h: Fix off-by-one overflow in sscanf(). 2018-06-09 21:35:19 +10:00
slabinfo.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
stat.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
stat.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
sysinfo.c library: eliminate all dependencies on alloc.h/alloc.c 2017-12-20 21:18:53 +11:00
sysinfo.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
test_namespace.c tests: update template and add pids 2016-04-19 21:33:02 +10:00
test_pids.c related: change for lost 'PROCPS_' enumerator prefixes 2016-07-26 20:49:44 +10:00
test_sysinfo.c tests: update template and add pids 2016-04-19 21:33:02 +10:00
test_uptime.c library: procps_uptime() return value is a status 2016-05-01 16:50:25 +10:00
test_version.c library: Fix LINUX_VERSION macro 2016-05-01 17:46:25 +10:00
uptime.c 0047-proc/whattime.c: Always initialize buf. 2018-06-09 21:35:19 +10:00
uptime.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
version.c miscellaneous: remove some trailing whitespace buildup 2015-06-20 07:46:23 +10:00
version.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
vmstat.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
vmstat.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
wchan.c library: don't strip off prefixes from the wchan names 2016-12-07 22:07:00 +11:00
wchan.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
xtra-procps-debug.h library: strengthen the VAL macro validation functions 2016-08-08 22:01:37 +10:00