procps/proc/readproc.c

1686 lines
52 KiB
C
Raw Normal View History

2002-02-01 22:47:29 +00:00
/*
* New Interface to Process Table -- PROCTAB Stream (a la Directory streams)
* Copyright (C) 1996 Charles L. Blake.
* Copyright (C) 1998 Michael K. Johnson
2003-09-18 02:18:43 +00:00
* Copyright 1998-2003 Albert Cahalan
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2002-02-01 22:47:29 +00:00
*/
#include "version.h"
#include "readproc.h"
2002-12-09 07:00:07 +00:00
#include "alloc.h"
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
#include "escape.h"
2002-12-09 07:00:07 +00:00
#include "pwcache.h"
#include "devname.h"
#include "procps.h"
2002-02-01 22:47:29 +00:00
#include <stdio.h>
#include <stdlib.h>
2002-12-03 09:07:59 +00:00
#include <errno.h>
2002-02-01 22:47:29 +00:00
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <fcntl.h>
#include <dirent.h>
2002-02-01 22:47:29 +00:00
#include <sys/types.h>
#include <sys/stat.h>
#include <limits.h>
#include <stdint.h>
#ifdef WITH_SYSTEMD
#include <systemd/sd-login.h>
#endif
#ifdef WITH_ELOGIND
#include <elogind/sd-login.h>
#endif
2002-02-01 22:47:29 +00:00
2003-09-17 21:58:32 +00:00
// sometimes it's easier to do this manually, w/o gcc helping
2003-02-17 00:57:15 +00:00
#ifdef PROF
extern void __cyg_profile_func_enter(void*,void*);
#define ENTER(x) __cyg_profile_func_enter((void*)x,(void*)x)
#define LEAVE(x) __cyg_profile_func_exit((void*)x,(void*)x)
#else
#define ENTER(x)
#define LEAVE(x)
#endif
#ifdef QUICK_THREADS
// used when multi-threaded and some memory must not be freed
#define MK_THREAD(q) q->pad_1 = '\xee'
#define IS_THREAD(q) ( q->pad_1 == '\xee' )
#endif
// utility buffers of MAX_BUFSZ bytes each, available to
// any function following an openproc() call
static char *src_buffer,
*dst_buffer;
#define MAX_BUFSZ 1024*64*2
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
// dynamic 'utility' buffer support for file2str() calls
struct utlbuf_s {
char *buf; // dynamically grown buffer
int siz; // current len of the above
} utlbuf_s;
#ifndef SIGNAL_STRING
// convert hex string to unsigned long long
static unsigned long long unhex(const char *restrict cp){
unsigned long long ull = 0;
for(;;){
char c = *cp++;
if(!( (c >= '0' && c <= '9') ||
(c >= 'A' && c <= 'F') ||
(c >= 'a' && c <= 'f') )) break;
ull = (ull<<4) | (c - (c >= 'a' ? 'a'-10 : c >= 'A' ? 'A'-10 : '0'));
}
return ull;
}
#endif
2003-09-20 08:29:55 +00:00
static int task_dir_missing;
// free any additional dynamically acquired storage associated with a proc_t
// ( and if it's to be reused, refresh it otherwise destroy it )
static inline void free_acquired (proc_t *p, int reuse) {
#ifdef QUICK_THREADS
if (!IS_THREAD(p)) {
#endif
if (p->environ) free((void*)*p->environ);
if (p->cmdline) free((void*)*p->cmdline);
if (p->cgroup) free((void*)*p->cgroup);
if (p->cgname) free(p->cgname);
if (p->supgid) free(p->supgid);
if (p->supgrp) free(p->supgrp);
if (p->sd_mach) free(p->sd_mach);
if (p->sd_ouid) free(p->sd_ouid);
if (p->sd_seat) free(p->sd_seat);
if (p->sd_sess) free(p->sd_sess);
if (p->sd_slice) free(p->sd_slice);
if (p->sd_unit) free(p->sd_unit);
if (p->sd_uunit) free(p->sd_uunit);
#ifdef QUICK_THREADS
}
#endif
memset(p, reuse ? '\0' : '\xff', sizeof(*p));
}
2003-02-17 00:57:15 +00:00
///////////////////////////////////////////////////////////////////////////
2002-02-01 22:47:29 +00:00
2003-02-17 00:57:15 +00:00
typedef struct status_table_struct {
unsigned char name[8]; // /proc/*/status field name
2003-12-13 16:51:40 +00:00
unsigned char len; // name length
2003-02-17 00:57:15 +00:00
#ifdef LABEL_OFFSET
long offset; // jump address offset
#else
void *addr;
#endif
} status_table_struct;
#ifdef LABEL_OFFSET
2003-05-30 03:13:32 +00:00
#define F(x) {#x, sizeof(#x)-1, (long)(&&case_##x-&&base)},
2003-02-17 00:57:15 +00:00
#else
#define F(x) {#x, sizeof(#x)-1, &&case_##x},
#endif
#define NUL {"", 0, 0},
2002-12-03 09:07:59 +00:00
#define GPERF_TABLE_SIZE 128
2003-02-17 00:57:15 +00:00
// Derived from:
// gperf -7 --language=ANSI-C --key-positions=1,3,4 -C -n -c <if-not-piped>
// ( --key-positions verified by omission & reported "Computed positions" )
2003-12-13 16:51:40 +00:00
//
// Suggested method:
// Grep this file for "case_", then strip those down to the name.
// Eliminate duplicates (due to #ifs), the ' case_' prefix and
// any c comments. Leave the colon and newline so that "Pid:\n",
// "Threads:\n", etc. would be lines, but no quote, no escape, etc.
//
// After a pipe through gperf, insert the resulting 'asso_values'
// into our 'asso' array. Then convert the gperf 'wordlist' array
// into our 'table' array by wrapping the string literals within
// the F macro and replacing empty strings with the NUL define.
2003-12-13 16:51:40 +00:00
//
// In the status_table_struct watch out for name size (grrr, expanding)
// and the number of entries. Currently, the table is padded to 128
// entries and we therefore mask with 127.
2002-02-01 22:47:29 +00:00
2003-09-28 02:45:05 +00:00
static void status2proc(char *S, proc_t *restrict P, int is_proc){
2003-12-13 16:51:40 +00:00
long Threads = 0;
long Tgid = 0;
long Pid = 0;
// 128 entries because we trust the kernel to use ASCII names
2003-12-13 16:51:40 +00:00
static const unsigned char asso[] =
{
101, 101, 101, 101, 101, 101, 101, 101, 101, 101,
101, 101, 101, 101, 101, 101, 101, 101, 101, 101,
101, 101, 101, 101, 101, 101, 101, 101, 101, 101,
101, 101, 101, 101, 101, 101, 101, 101, 101, 101,
101, 101, 101, 101, 101, 101, 101, 101, 101, 101,
101, 101, 101, 101, 101, 101, 101, 101, 6, 101,
101, 101, 101, 101, 101, 45, 55, 25, 31, 50,
50, 10, 0, 35, 101, 101, 21, 101, 30, 101,
20, 36, 0, 5, 0, 40, 0, 0, 101, 101,
101, 101, 101, 101, 101, 101, 101, 30, 101, 15,
0, 1, 101, 10, 101, 10, 101, 101, 101, 25,
101, 40, 0, 101, 0, 50, 6, 40, 101, 1,
35, 101, 101, 101, 101, 101, 101, 101
2003-02-17 00:57:15 +00:00
};
2003-12-13 16:51:40 +00:00
static const status_table_struct table[GPERF_TABLE_SIZE] = {
F(VmHWM)
F(Threads)
NUL NUL NUL
F(VmRSS)
F(VmSwap)
NUL NUL NUL
F(Tgid)
F(VmStk)
NUL NUL NUL
F(VmSize)
F(Gid)
NUL NUL NUL
F(VmPTE)
F(VmPeak)
NUL NUL NUL
F(ShdPnd)
F(Pid)
NUL NUL NUL
F(PPid)
F(VmLib)
NUL NUL NUL
F(SigPnd)
F(VmLck)
NUL NUL NUL
2003-12-13 16:51:40 +00:00
F(SigCgt)
F(State)
NUL NUL NUL
F(CapPrm)
F(Uid)
NUL NUL NUL
F(SigIgn)
F(SigQ)
NUL NUL NUL
F(RssShmem)
F(Name)
NUL NUL NUL
F(CapInh)
F(VmData)
NUL NUL NUL
F(FDSize)
NUL NUL NUL NUL
F(SigBlk)
NUL NUL NUL NUL
F(CapEff)
NUL NUL NUL NUL
F(CapBnd)
NUL NUL NUL NUL
F(VmExe)
NUL NUL NUL NUL
F(Groups)
NUL NUL NUL NUL
F(RssAnon)
NUL NUL NUL NUL
F(RssFile)
2003-02-17 00:57:15 +00:00
};
2002-02-01 22:47:29 +00:00
2003-02-17 00:57:15 +00:00
#undef F
#undef NUL
2002-02-01 22:47:29 +00:00
2003-02-17 00:57:15 +00:00
ENTER(0x220);
goto base;
2003-02-12 08:15:53 +00:00
2003-02-17 00:57:15 +00:00
for(;;){
char *colon;
status_table_struct entry;
// advance to next line
S = strchr(S, '\n');
if(unlikely(!S)) break; // if no newline
S++;
// examine a field name (hash and compare)
base:
if(unlikely(!S[0] || !S[1] || !S[2] || !S[3])) break;
entry = table[(GPERF_TABLE_SIZE -1) & (asso[S[3]&127] + asso[S[2]&127] + asso[S[0]&127])];
2003-02-17 00:57:15 +00:00
colon = strchr(S, ':');
if(unlikely(!colon)) break;
if(unlikely(colon[1]!='\t')) break;
if(unlikely(colon-S != entry.len)) continue;
if(unlikely(memcmp(entry.name,S,colon-S))) continue;
S = colon+2; // past the '\t'
#ifdef LABEL_OFFSET
goto *(&&base + entry.offset);
2002-02-01 22:47:29 +00:00
#else
2003-02-17 00:57:15 +00:00
goto *entry.addr;
2002-02-01 22:47:29 +00:00
#endif
case_Name:
{ unsigned u = 0;
2003-02-18 03:51:03 +00:00
while(u < sizeof P->cmd - 1u){
2003-02-17 00:57:15 +00:00
int c = *S++;
if(unlikely(c=='\n')) break;
2003-02-18 03:51:03 +00:00
if(unlikely(c=='\0')) break; // should never happen
2003-02-17 00:57:15 +00:00
if(unlikely(c=='\\')){
c = *S++;
if(c=='\n') break; // should never happen
if(!c) break; // should never happen
if(c=='n') c='\n'; // else we assume it is '\\'
}
2003-02-18 03:51:03 +00:00
P->cmd[u++] = c;
2003-02-17 00:57:15 +00:00
}
2003-02-18 03:51:03 +00:00
P->cmd[u] = '\0';
S--; // put back the '\n' or '\0'
2003-02-17 00:57:15 +00:00
continue;
}
#ifdef SIGNAL_STRING
2003-02-17 00:57:15 +00:00
case_ShdPnd:
memcpy(P->signal, S, 16);
P->signal[16] = '\0';
2003-02-17 00:57:15 +00:00
continue;
case_SigBlk:
memcpy(P->blocked, S, 16);
P->blocked[16] = '\0';
continue;
case_SigCgt:
memcpy(P->sigcatch, S, 16);
P->sigcatch[16] = '\0';
continue;
case_SigIgn:
memcpy(P->sigignore, S, 16);
P->sigignore[16] = '\0';
continue;
case_SigPnd:
memcpy(P->_sigpnd, S, 16);
P->_sigpnd[16] = '\0';
2003-02-17 00:57:15 +00:00
continue;
#else
case_ShdPnd:
P->signal = unhex(S);
continue;
case_SigBlk:
P->blocked = unhex(S);
continue;
case_SigCgt:
P->sigcatch = unhex(S);
continue;
case_SigIgn:
P->sigignore = unhex(S);
continue;
case_SigPnd:
P->_sigpnd = unhex(S);
continue;
#endif
2003-02-17 00:57:15 +00:00
case_State:
P->state = *S;
continue;
case_Tgid:
2003-12-13 16:51:40 +00:00
Tgid = strtol(S,&S,10);
continue;
case_Pid:
Pid = strtol(S,&S,10);
continue;
case_PPid:
P->ppid = strtol(S,&S,10);
continue;
case_Threads:
Threads = strtol(S,&S,10);
2003-02-17 00:57:15 +00:00
continue;
case_Uid:
P->ruid = strtol(S,&S,10);
P->euid = strtol(S,&S,10);
P->suid = strtol(S,&S,10);
P->fuid = strtol(S,&S,10);
continue;
2003-12-13 16:51:40 +00:00
case_Gid:
P->rgid = strtol(S,&S,10);
P->egid = strtol(S,&S,10);
P->sgid = strtol(S,&S,10);
P->fgid = strtol(S,&S,10);
continue;
2003-02-17 00:57:15 +00:00
case_VmData:
P->vm_data = strtol(S,&S,10);
continue;
case_VmExe:
P->vm_exe = strtol(S,&S,10);
continue;
case_VmLck:
P->vm_lock = strtol(S,&S,10);
continue;
case_VmLib:
P->vm_lib = strtol(S,&S,10);
continue;
case_VmRSS:
P->vm_rss = strtol(S,&S,10);
continue;
case_RssAnon: // subset of VmRSS, linux-4.5
P->vm_rss_anon = strtol(S,&S,10);
continue;
case_RssFile: // subset of VmRSS, linux-4.5
P->vm_rss_file = strtol(S,&S,10);
continue;
case_RssShmem: // subset of VmRSS, linux-4.5
P->vm_rss_shared = strtol(S,&S,10);
continue;
2003-02-17 00:57:15 +00:00
case_VmSize:
P->vm_size = strtol(S,&S,10);
continue;
case_VmStk:
P->vm_stack = strtol(S,&S,10);
continue;
case_VmSwap: // Linux 2.6.34
P->vm_swap = strtol(S,&S,10);
continue;
case_Groups:
{ char *nl = strchr(S, '\n');
size_t j = nl ? (size_t)(nl - S) : strlen(S);
if (j > 0 && j < INT_MAX) {
P->supgid = xmalloc(j+1); // +1 in case space disappears
memcpy(P->supgid, S, j);
if (unlikely(' ' != P->supgid[--j])) ++j;
P->supgid[j] = '\0'; // whack the space or the newline
for ( ; j; j--)
if (' ' == P->supgid[j])
P->supgid[j] = ',';
library: standardize handling of cgroup, supgid Some inconsistencies have emerged during development of support for these relatively new proc_t fields. For example, a PROC_FILLCGROUP flag (via file2strvec) could return NULL in cgroup whereas PROC_EDITCGRPCVT (via fill_cgroup_cvt) *almost* guaranteed a return address (as is true for PROC_EDITCMDLCVT and cmdline). But even PROC_EDITCGRPCVT could return NULL if the kernel version was less than 2.6.24. Then with NULL ps would display a "-" while top would show "n/a". And while unlikely, with the PROC_FILLSTATUS flag (via status2proc) a NULL supgid address was theoretically possible and both ps and top would then show "n/a". This commit standardizes the following usage: . PROC_FILLSTATUS (via status2proc) guarantees a valid supgid address representing either a true comma delimited list or "-" . PROC_FILLCGROUP plus PROC_EDITCGRPCVT (via fill_cgroup_cvt) guarantees a cgroup single vector representing either a true control group hierarchy or "-" And as was true before, the following remains true: PROC_FILLCOM or PROC_FILLARG (via file2strvec) may return a NULL cmdline pointer . PROC_FILLCGROUP (via file2strvec) may return a NULL cgroup pointer . PROC_FILLCOM or PROC_FILLARG plus PROC_EDITCMDLCVT (via fill_cmdline_cvt) guarantees a cmdline single vector representing either a true command line or a bracketed program name . PROC_FILLSTATUS plus PROC_FILLSUPGRP (via supgrps_from_supgids) guarantees a valid supgrp address representing either a true comma delimited list or "-" Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-06-28 00:00:01 -05:00
}
continue;
}
case_CapBnd:
case_CapEff:
case_CapInh:
case_CapPrm:
case_FDSize:
case_SigQ:
case_VmHWM: // 2005, peak VmRSS unless VmRSS is bigger
case_VmPTE:
case_VmPeak: // 2005, peak VmSize unless VmSize is bigger
continue;
2003-02-17 00:57:15 +00:00
}
2003-09-28 02:45:05 +00:00
#if 0
2003-09-28 02:45:05 +00:00
// recent kernels supply per-tgid pending signals
if(is_proc && *ShdPnd){
memcpy(P->signal, ShdPnd, 16);
P->signal[16] = '\0';
2003-09-28 02:45:05 +00:00
}
#endif
// recent kernels supply per-tgid pending signals
#ifdef SIGNAL_STRING
if(!is_proc || !P->signal[0]){
memcpy(P->signal, P->_sigpnd, 16);
P->signal[16] = '\0';
}
#else
if(!is_proc){
P->signal = P->_sigpnd;
}
#endif
2003-09-28 02:45:05 +00:00
2003-12-13 16:51:40 +00:00
// Linux 2.4.13-pre1 to max 2.4.xx have a useless "Tgid"
// that is not initialized for built-in kernel tasks.
// Only 2.6.0 and above have "Threads" (nlwp) info.
if(Threads){
P->nlwp = Threads;
P->tgid = Tgid; // the POSIX PID value
P->tid = Pid; // the thread ID
2003-12-13 16:51:40 +00:00
}else{
P->nlwp = 1;
P->tgid = Pid;
P->tid = Pid;
2003-12-13 16:51:40 +00:00
}
library: standardize handling of cgroup, supgid Some inconsistencies have emerged during development of support for these relatively new proc_t fields. For example, a PROC_FILLCGROUP flag (via file2strvec) could return NULL in cgroup whereas PROC_EDITCGRPCVT (via fill_cgroup_cvt) *almost* guaranteed a return address (as is true for PROC_EDITCMDLCVT and cmdline). But even PROC_EDITCGRPCVT could return NULL if the kernel version was less than 2.6.24. Then with NULL ps would display a "-" while top would show "n/a". And while unlikely, with the PROC_FILLSTATUS flag (via status2proc) a NULL supgid address was theoretically possible and both ps and top would then show "n/a". This commit standardizes the following usage: . PROC_FILLSTATUS (via status2proc) guarantees a valid supgid address representing either a true comma delimited list or "-" . PROC_FILLCGROUP plus PROC_EDITCGRPCVT (via fill_cgroup_cvt) guarantees a cgroup single vector representing either a true control group hierarchy or "-" And as was true before, the following remains true: PROC_FILLCOM or PROC_FILLARG (via file2strvec) may return a NULL cmdline pointer . PROC_FILLCGROUP (via file2strvec) may return a NULL cgroup pointer . PROC_FILLCOM or PROC_FILLARG plus PROC_EDITCMDLCVT (via fill_cmdline_cvt) guarantees a cmdline single vector representing either a true command line or a bracketed program name . PROC_FILLSTATUS plus PROC_FILLSUPGRP (via supgrps_from_supgids) guarantees a valid supgrp address representing either a true comma delimited list or "-" Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-06-28 00:00:01 -05:00
if (!P->supgid)
P->supgid = xstrdup("-");
2003-02-17 00:57:15 +00:00
LEAVE(0x220);
}
#undef GPERF_TABLE_SIZE
2003-02-17 00:57:15 +00:00
static void supgrps_from_supgids (proc_t *p) {
char *g, *s;
int t;
if (!p->supgid || '-' == *p->supgid) {
p->supgrp = xstrdup("-");
return;
}
s = p->supgid;
t = 0;
do {
const int max = P_G_SZ+2;
char *end = NULL;
gid_t gid;
int len;
while (',' == *s) ++s;
gid = strtol(s, &end, 10);
if (end <= s) break;
s = end;
g = pwcache_get_group(gid);
if (t >= INT_MAX - max) break;
p->supgrp = xrealloc(p->supgrp, t + max);
len = snprintf(p->supgrp+t, max, "%s%s", t ? "," : "", g);
if (len <= 0) (p->supgrp+t)[len = 0] = '\0';
else if (len >= max) len = max-1;
t += len;
} while (*s);
}
2003-02-17 00:57:15 +00:00
///////////////////////////////////////////////////////////////////////
static void oomscore2proc(const char* S, proc_t *restrict P)
{
sscanf(S, "%d", &P->oom_score);
}
static void oomadj2proc(const char* S, proc_t *restrict P)
{
sscanf(S, "%d", &P->oom_adj);
}
///////////////////////////////////////////////////////////////////////
static const char *ns_names[] = {
[IPCNS] = "ipc",
[MNTNS] = "mnt",
[NETNS] = "net",
[PIDNS] = "pid",
[USERNS] = "user",
[UTSNS] = "uts",
};
const char *get_ns_name(int id) {
if (id < 0 || id >= NUM_NS)
return NULL;
return ns_names[id];
}
int get_ns_id(const char *name) {
int i;
if (!name)
return -1;
for (i = 0; i < NUM_NS; i++)
if (!strcmp(ns_names[i], name))
return i;
return -1;
}
static void ns2proc(const char *directory, proc_t *restrict p) {
char path[PROCPATHLEN];
struct stat sb;
int i;
for (i = 0; i < NUM_NS; i++) {
snprintf(path, sizeof(path), "%s/ns/%s", directory, ns_names[i]);
if (0 == stat(path, &sb))
p->ns[i] = (long)sb.st_ino;
#if 0
else // this allows a caller to distinguish
p->ns[i] = -errno; // between the ENOENT or EACCES errors
#endif
}
}
static void sd2proc(proc_t *restrict p) {
#if defined(WITH_SYSTEMD) || defined(WITH_ELOGIND)
char buf[64];
uid_t uid;
if (0 > sd_pid_get_machine_name(p->tid, &p->sd_mach))
p->sd_mach = strdup("-");
if (0 > sd_pid_get_owner_uid(p->tid, &uid))
p->sd_ouid = strdup("-");
else {
snprintf(buf, sizeof(buf), "%d", (int)uid);
p->sd_ouid = strdup(buf);
}
if (0 > sd_pid_get_session(p->tid, &p->sd_sess)) {
p->sd_sess = strdup("-");
p->sd_seat = strdup("-");
} else {
if (0 > sd_session_get_seat(p->sd_sess, &p->sd_seat))
p->sd_seat = strdup("-");
}
if (0 > sd_pid_get_slice(p->tid, &p->sd_slice))
p->sd_slice = strdup("-");
if (0 > sd_pid_get_unit(p->tid, &p->sd_unit))
p->sd_unit = strdup("-");
if (0 > sd_pid_get_user_unit(p->tid, &p->sd_uunit))
p->sd_uunit = strdup("-");
#else
p->sd_mach = strdup("?");
p->sd_ouid = strdup("?");
p->sd_seat = strdup("?");
p->sd_sess = strdup("?");
p->sd_slice = strdup("?");
p->sd_unit = strdup("?");
p->sd_uunit = strdup("?");
#endif
}
///////////////////////////////////////////////////////////////////////
2002-02-01 22:47:29 +00:00
2002-12-21 10:34:50 +00:00
// Reads /proc/*/stat files, being careful not to trip over processes with
// names like ":-) 1 2 3 4 5 6".
2002-11-25 10:16:33 +00:00
static void stat2proc(const char* S, proc_t *restrict P) {
size_t num;
2002-12-03 09:07:59 +00:00
char* tmp;
2003-02-17 00:57:15 +00:00
ENTER(0x160);
2002-02-01 22:47:29 +00:00
/* fill in default values for older kernels */
P->processor = 0;
2002-10-03 09:41:57 +00:00
P->rtprio = -1;
P->sched = -1;
2003-12-13 16:51:40 +00:00
P->nlwp = 0;
2002-12-03 09:07:59 +00:00
S = strchr(S, '(');
if(unlikely(!S)) return;
S++;
2002-12-21 06:22:00 +00:00
tmp = strrchr(S, ')');
if(unlikely(!tmp)) return;
if(unlikely(!tmp[1])) return;
2002-12-03 09:07:59 +00:00
num = tmp - S;
2002-12-07 08:34:03 +00:00
if(unlikely(num >= sizeof P->cmd)) num = sizeof P->cmd - 1;
2002-12-03 09:07:59 +00:00
memcpy(P->cmd, S, num);
P->cmd[num] = '\0';
S = tmp + 2; // skip ") "
sscanf(S,
2002-02-01 22:47:29 +00:00
"%c "
"%d %d %d %d %d "
2002-05-28 04:18:55 +00:00
"%lu %lu %lu %lu %lu "
"%llu %llu %llu %llu " /* utime stime cutime cstime */
2003-10-16 03:30:41 +00:00
"%ld %ld "
"%d "
"%ld "
"%llu " /* start_time */
2002-05-28 04:18:55 +00:00
"%lu "
2002-02-01 22:47:29 +00:00
"%ld "
2003-01-16 08:03:40 +00:00
"%lu %"KLF"u %"KLF"u %"KLF"u %"KLF"u %"KLF"u "
2002-02-01 22:47:29 +00:00
"%*s %*s %*s %*s " /* discard, no RT signals & Linux 2.1 used hex */
"%"KLF"u %*u %*u "
2002-10-03 09:41:57 +00:00
"%d %d "
"%lu %lu",
2002-02-01 22:47:29 +00:00
&P->state,
&P->ppid, &P->pgrp, &P->session, &P->tty, &P->tpgid,
2002-05-28 04:18:55 +00:00
&P->flags, &P->min_flt, &P->cmin_flt, &P->maj_flt, &P->cmaj_flt,
&P->utime, &P->stime, &P->cutime, &P->cstime,
2003-10-16 03:30:41 +00:00
&P->priority, &P->nice,
&P->nlwp,
&P->alarm,
2002-05-28 04:18:55 +00:00
&P->start_time,
&P->vsize,
2002-02-01 22:47:29 +00:00
&P->rss,
&P->rss_rlim, &P->start_code, &P->end_code, &P->start_stack, &P->kstk_esp, &P->kstk_eip,
/* P->signal, P->blocked, P->sigignore, P->sigcatch, */ /* can't use */
2004-04-13 03:56:52 +00:00
&P->wchan, /* &P->nswap, &P->cnswap, */ /* nswap and cnswap dead for 2.4.xx and up */
2002-02-01 22:47:29 +00:00
/* -- Linux 2.0.35 ends here -- */
2002-10-03 09:41:57 +00:00
&P->exit_signal, &P->processor, /* 2.2.1 ends with "exit_signal" */
/* -- Linux 2.2.8 to 2.5.17 end here -- */
&P->rtprio, &P->sched /* both added to 2.5.18 */
2002-02-01 22:47:29 +00:00
);
2003-12-13 16:51:40 +00:00
if(!P->nlwp){
P->nlwp = 1;
}
2003-02-17 00:57:15 +00:00
LEAVE(0x160);
2002-02-01 22:47:29 +00:00
}
2003-02-17 00:57:15 +00:00
/////////////////////////////////////////////////////////////////////////
2002-11-25 10:16:33 +00:00
static void statm2proc(const char* s, proc_t *restrict P) {
misc: eliminate all those remaining gcc -Wall warnings Reference(s): proc/readproc.c: In function 'statm2proc' proc/readproc.c:627:9: warning: variable 'num' set but not used [-Wunused-but-set-variable] ps/output.c: In function 'pr_context': ps/output.c:1273:14: warning: unused variable 'tried_load' [-Wunused-variable] ps/output.c:1272:16: warning: unused variable 'ps_is_selinux_enabled' [-Wunused-variable] ps/output.c:1272:16: warning: 'ps_is_selinux_enabled' defined but not used [-Wunused-variable] ps/output.c:1273:14: warning: 'tried_load' defined but not used [-Wunused-variable] ps/output.c:1837:18: warning: 'shortsort_array_count' defined but not used [-Wunused-const-variable=] ps/output.c:1803:18: warning: 'aix_array_count' defined but not used [-Wunused-const-variable=] ps/parser.c: In function 'arg_type': ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if' ps/sortformat.c: In function 'format_parse': ps/sortformat.c:241:1: warning: label 'out' defined but not used [-Wunused-label] ps/stacktrace.c:176:13: warning: 'stack_trace_sigsegv' defined but not used [-Wunused-function] watch.c: In function 'process_ansi': watch.c:234:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] watch.c:237:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if' Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-05-13 00:01:00 -05:00
sscanf(s, "%ld %ld %ld %ld %ld %ld %ld",
2002-02-01 22:47:29 +00:00
&P->size, &P->resident, &P->share,
&P->trs, &P->lrs, &P->drs, &P->dt);
}
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
static int file2str(const char *directory, const char *what, struct utlbuf_s *ub) {
#define buffGRW 1024
char path[PROCPATHLEN];
int fd, num, tot_read = 0, len;
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
/* on first use we preallocate a buffer of minimum size to emulate
former 'local static' behavior -- even if this read fails, that
buffer will likely soon be used for another subdirectory anyway
( besides, with this xcalloc we will never need to use memcpy ) */
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (ub->buf) ub->buf[0] = '\0';
else ub->buf = xcalloc((ub->siz = buffGRW));
len = snprintf(path, sizeof path, "%s/%s", directory, what);
if (len <= 0 || (size_t)len >= sizeof path) return -1;
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (-1 == (fd = open(path, O_RDONLY, 0))) return -1;
while (0 < (num = read(fd, ub->buf + tot_read, ub->siz - tot_read))) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
tot_read += num;
if (tot_read < ub->siz) break;
if (ub->siz >= INT_MAX - buffGRW) {
tot_read--;
break;
}
ub->buf = xrealloc(ub->buf, (ub->siz += buffGRW));
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
};
ub->buf[tot_read] = '\0';
2002-02-01 22:47:29 +00:00
close(fd);
if (unlikely(tot_read < 1)) return -1;
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
return tot_read;
#undef buffGRW
2002-02-01 22:47:29 +00:00
}
2002-10-12 04:25:57 +00:00
static char** file2strvec(const char* directory, const char* what) {
2002-02-01 22:47:29 +00:00
char buf[2048]; /* read buf bytes at a time */
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
char *p, *rbuf = 0, *endbuf, **q, **ret, *strp;
2002-02-01 22:47:29 +00:00
int fd, tot = 0, n, c, end_of_file = 0;
int align;
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
const int len = snprintf(buf, sizeof buf, "%s/%s", directory, what);
if(len <= 0 || (size_t)len >= sizeof buf) return NULL;
2002-12-03 09:07:59 +00:00
fd = open(buf, O_RDONLY, 0);
if(fd==-1) return NULL;
2002-02-01 22:47:29 +00:00
/* read whole file into a memory buffer, allocating as we go */
while ((n = read(fd, buf, sizeof buf - 1)) >= 0) {
2002-10-13 20:32:09 +00:00
if (n < (int)(sizeof buf - 1))
2002-02-01 22:47:29 +00:00
end_of_file = 1;
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
if (n <= 0 && tot <= 0) { /* nothing read now, nothing read before */
break; /* process died between our open and read */
}
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
/* ARG_LEN is our guesstimated median length of a command-line argument
or environment variable (the minimum is 1, the maximum is 131072) */
#define ARG_LEN 64
if (tot >= INT_MAX / (ARG_LEN + (int)sizeof(char*)) * ARG_LEN - n) {
end_of_file = 1; /* integer overflow: null-terminate and break */
n = 0; /* but tot > 0 */
2002-02-01 22:47:29 +00:00
}
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
#undef ARG_LEN
if (end_of_file &&
((n > 0 && buf[n-1] != '\0') || /* last read char not null */
(n <= 0 && rbuf[tot-1] != '\0'))) /* last read char not null */
2002-02-01 22:47:29 +00:00
buf[n++] = '\0'; /* so append null-terminator */
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
if (n <= 0) break; /* unneeded (end_of_file = 1) but avoid realloc */
2002-02-01 22:47:29 +00:00
rbuf = xrealloc(rbuf, tot + n); /* allocate more memory */
memcpy(rbuf + tot, buf, n); /* copy buffer into it */
tot += n; /* increment total byte ctr */
if (end_of_file)
break;
}
close(fd);
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
if (n < 0 || tot <= 0) { /* error, or nothing read */
2002-02-01 22:47:29 +00:00
if (rbuf) free(rbuf);
return NULL; /* read error */
}
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
rbuf[tot-1] = '\0'; /* belt and suspenders (the while loop did it, too) */
2002-02-01 22:47:29 +00:00
endbuf = rbuf + tot; /* count space for pointers */
align = (sizeof(char*)-1) - ((tot + sizeof(char*)-1) & (sizeof(char*)-1));
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
c = sizeof(char*); /* one extra for NULL term */
for (p = rbuf; p < endbuf; p++) {
if (!*p || *p == '\n') {
if (c >= INT_MAX - (tot + (int)sizeof(char*) + align)) break;
2002-02-01 22:47:29 +00:00
c += sizeof(char*);
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
}
if (*p == '\n')
*p = 0;
}
2002-02-01 22:47:29 +00:00
rbuf = xrealloc(rbuf, tot + c + align); /* make room for ptrs AT END */
endbuf = rbuf + tot; /* addr just past data buf */
q = ret = (char**) (endbuf+align); /* ==> free(*ret) to dealloc */
proc/readproc.c: Fix bugs and overflows in file2strvec(). Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much! For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used. The easy changes: - Replace sprintf() with snprintf() (and check for truncation). - Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow. - Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0. - Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null- terminator is appended even if the file is already null-terminated. - Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0. - Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function. - Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null- terminated), this would make room for two pointers in ret, but would write three pointers to ret). The hard changes: - Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing. - Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).
-
for (strp = p = rbuf; p < endbuf; p++) {
if (!*p) { /* NUL char implies that */
if (c < 2 * (int)sizeof(char*)) break;
c -= sizeof(char*);
*q++ = strp; /* point ptrs to the strings */
strp = p+1; /* next string -> next char */
}
}
2002-02-01 22:47:29 +00:00
*q = 0; /* null ptr list terminator */
return ret;
}
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
// this is the former under utilized 'read_cmdline', which has been
// generalized in support of these new libproc flags:
// PROC_EDITCGRPCVT, PROC_EDITCMDLCVT and PROC_EDITENVRCVT
static int read_unvectored(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep) {
char path[PROCPATHLEN];
int fd, len;
2002-12-03 09:18:27 +00:00
unsigned n = 0;
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if(sz <= 0) return 0;
if(sz >= INT_MAX) sz = INT_MAX-1;
dst[0] = '\0';
len = snprintf(path, sizeof(path), "%s/%s", whom, what);
if(len <= 0 || (size_t)len >= sizeof(path)) return 0;
fd = open(path, O_RDONLY);
2002-12-03 09:18:27 +00:00
if(fd==-1) return 0;
2002-12-03 09:07:59 +00:00
for(;;){
ssize_t r = read(fd,dst+n,sz-n);
if(r==-1){
if(errno==EINTR) continue;
break;
}
if(r<=0) break; // EOF
2002-12-03 09:07:59 +00:00
n += r;
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if(n==sz) { // filled the buffer
--n; // make room for '\0'
break;
}
2002-12-03 09:07:59 +00:00
}
close(fd);
2002-12-03 09:07:59 +00:00
if(n){
unsigned i = n;
while(i && dst[i-1]=='\0') --i; // skip trailing zeroes
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
while(i--)
if(dst[i]=='\n' || dst[i]=='\0') dst[i]=sep;
if(dst[n-1]==' ') dst[n-1]='\0';
2002-12-03 09:07:59 +00:00
}
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
dst[n] = '\0';
2002-12-03 09:07:59 +00:00
return n;
}
2002-02-01 22:47:29 +00:00
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
static char** vectorize_this_str (const char* src) {
#define pSZ (sizeof(char*))
char *cpy, **vec;
size_t adj, tot;
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
tot = strlen(src) + 1; // prep for our vectors
if (tot < 1 || tot >= INT_MAX) tot = INT_MAX-1; // integer overflow?
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
adj = (pSZ-1) - ((tot + pSZ-1) & (pSZ-1)); // calc alignment bytes
cpy = xcalloc(tot + adj + (2 * pSZ)); // get new larger buffer
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
snprintf(cpy, tot, "%s", src); // duplicate their string
vec = (char**)(cpy + tot + adj); // prep pointer to pointers
*vec = cpy; // point 1st vector to string
*(vec+1) = NULL; // null ptr 'list' delimit
return vec; // ==> free(*vec) to dealloc
#undef pSZ
}
// This routine reads a 'cgroup' for the designated proc_t.
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
// It is similar to file2strvec except we filter and concatenate
// the data into a single string represented as a single vector.
static void fill_cgroup_cvt (const char* directory, proc_t *restrict p) {
#define vMAX ( MAX_BUFSZ - (int)(dst - dst_buffer) )
char *src, *dst, *grp, *eob, *name;
int tot, x, whackable_int = MAX_BUFSZ, len;
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
*(dst = dst_buffer) = '\0'; // empty destination
tot = read_unvectored(src_buffer, MAX_BUFSZ, directory, "cgroup", '\0');
for (src = src_buffer, eob = src_buffer + tot; src < eob; src += x) {
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
x = 1; // loop assist
if (!*src) continue;
x = strlen((grp = src));
if ('/' == grp[x - 1]) continue; // skip empty root cgroups
#if 0
grp += strspn(grp, "0123456789:"); // jump past group number
#endif
if (vMAX <= 1) break;
len = snprintf(dst, vMAX, "%s", (dst > dst_buffer) ? "," : "");
if (len < 0 || len >= vMAX) break;
dst += len;
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
dst += escape_str(dst, grp, vMAX, &whackable_int);
}
p->cgroup = vectorize_this_str(dst_buffer[0] ? dst_buffer : "-");
name = strstr(p->cgroup[0], ":name=");
if (name && *(name+6)) name += 6; else name = p->cgroup[0];
p->cgname = strdup(name);
#undef vMAX
}
// This routine reads a 'cmdline' for the designated proc_t, "escapes"
// the result into a single string represented as a single vector
// and guarantees the caller a valid proc_t.cmdline pointer.
static void fill_cmdline_cvt (const char* directory, proc_t *restrict p) {
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
#define uFLG ( ESC_BRACKETS | ESC_DEFUNCT )
int whackable_int = MAX_BUFSZ;
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if (read_unvectored(src_buffer, MAX_BUFSZ, directory, "cmdline", ' '))
escape_str(dst_buffer, src_buffer, MAX_BUFSZ, &whackable_int);
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
else
escape_command(dst_buffer, p, MAX_BUFSZ, &whackable_int, uFLG);
p->cmdline = vectorize_this_str(dst_buffer);
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
#undef uFLG
}
// This routine reads an 'environ' for the designated proc_t and
// guarantees the caller a valid proc_t.environ pointer.
static void fill_environ_cvt (const char* directory, proc_t *restrict p) {
int whackable_int = MAX_BUFSZ;
dst_buffer[0] = '\0';
if (read_unvectored(src_buffer, MAX_BUFSZ, directory, "environ", ' '))
escape_str(dst_buffer, src_buffer, MAX_BUFSZ, &whackable_int);
p->environ = vectorize_this_str(dst_buffer[0] ? dst_buffer : "-");
}
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
// warning: interface may change
int read_cmdline(char *restrict const dst, unsigned sz, unsigned pid) {
char path[PROCPATHLEN];
snprintf(path, sizeof(path), "/proc/%u", pid);
return read_unvectored(dst, sz, path, "cmdline", ' ');
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
}
// Provide the means to value proc_t.lxcname (perhaps only with "-") while
// tracking all names already seen thus avoiding the overhead of repeating
// malloc() and free() calls.
static const char *lxc_containers (const char *path) {
static struct utlbuf_s ub = { NULL, 0 }; // util buffer for whole cgroup
static char lxc_none[] = "-";
/*
try to locate the lxc delimiter eyecatcher somewhere in a task's cgroup
directory -- the following are from nested privileged plus unprivileged
containers, where the '/lxc/' delimiter precedes the container name ...
10:cpuset:/lxc/lxc-P/lxc/lxc-P-nested
10:cpuset:/user.slice/user-1000.slice/session-c2.scope/lxc/lxc-U/lxc/lxc-U-nested
... some minor complications are the potential addition of more cgroups
for a controller displacing the lxc name (normally last on a line), and
environments with unexpected /proc/##/cgroup ordering/contents as with:
10:cpuset:/lxc/lxc-P/lxc/lxc-P-nested/MY-NEW-CGROUP
or
2:name=systemd:/
1:cpuset,cpu,cpuacct,devices,freezer,net_cls,blkio,perf_event,net_prio:/lxc/lxc-P
*/
if (file2str(path, "cgroup", &ub) > 0) {
static const char lxc_delm[] = "/lxc/";
char *p1;
if ((p1 = strstr(ub.buf, lxc_delm))) {
static struct lxc_ele {
struct lxc_ele *next;
const char *name;
} *anchor = NULL;
struct lxc_ele *ele = anchor;
char *p2;
if ((p2 = strchr(p1, '\n'))) // isolate a controller's line
*p2 = '\0';
do { // deal with nested containers
p2 = p1 + (sizeof(lxc_delm)-1);
p1 = strstr(p2, lxc_delm);
} while (p1);
if ((p1 = strchr(p2, '/'))) // isolate name only substring
*p1 = '\0';
while (ele) { // have we already seen a name
if (!strcmp(ele->name, p2))
return ele->name; // return just a recycled name
ele = ele->next;
}
ele = (struct lxc_ele *)xmalloc(sizeof(struct lxc_ele));
ele->name = xstrdup(p2);
ele->next = anchor; // push the new container name
anchor = ele;
return ele->name; // return a new container name
}
}
return lxc_none;
}
///////////////////////////////////////////////////////////////////////
2002-02-01 22:47:29 +00:00
/* These are some nice GNU C expression subscope "inline" functions.
* The can be used with arbitrary types and evaluate their arguments
* exactly once.
*/
/* Test if item X of type T is present in the 0 terminated list L */
# define XinL(T, X, L) ( { \
T x = (X), *l = (L); \
while (*l && *l != x) l++; \
*l == x; \
} )
/* Test if item X of type T is present in the list L of length N */
# define XinLN(T, X, L, N) ( { \
T x = (X), *l = (L); \
int i = 0, n = (N); \
while (i < n && l[i] != x) i++; \
i < n && l[i] == x; \
} )
2003-09-17 21:58:32 +00:00
//////////////////////////////////////////////////////////////////////////////////
// This reads process info from /proc in the traditional way, for one process.
// The pid (tgid? tid?) is already in p, and a path to it in path, with some
// room to spare.
2003-09-20 08:29:55 +00:00
static proc_t* simple_readproc(PROCTAB *restrict const PT, proc_t *restrict const p) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
static struct utlbuf_s ub = { NULL, 0 }; // buf for stat,statm,status
static struct stat sb; // stat() buffer
2003-09-20 08:29:55 +00:00
char *restrict const path = PT->path;
2003-09-17 21:58:32 +00:00
unsigned flags = PT->flags;
2002-02-01 22:47:29 +00:00
if (unlikely(stat(path, &sb) == -1)) /* no such dirent (anymore) */
goto next_proc;
2002-09-27 13:48:00 +00:00
2002-10-22 06:12:12 +00:00
if ((flags & PROC_UID) && !XinLN(uid_t, sb.st_uid, PT->uids, PT->nuid))
goto next_proc; /* not one of the requested uids */
2002-02-01 22:47:29 +00:00
p->euid = sb.st_uid; /* need a way to get real uid */
p->egid = sb.st_gid; /* need a way to get real gid */
2002-09-27 13:48:00 +00:00
if (flags & PROC_FILLSTAT) { // read /proc/#/stat
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (unlikely(file2str(path, "stat", &ub) == -1))
goto next_proc;
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
stat2proc(ub.buf, p);
2002-12-08 18:51:56 +00:00
}
2002-02-01 22:47:29 +00:00
if (flags & PROC_FILLMEM) { // read /proc/#/statm
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "statm", &ub) != -1))
statm2proc(ub.buf, p);
}
2002-02-01 22:47:29 +00:00
if (flags & PROC_FILLSTATUS) { // read /proc/#/status
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "status", &ub) != -1)){
status2proc(ub.buf, p, 1);
if (flags & PROC_FILLSUPGRP)
supgrps_from_supgids(p);
}
2002-02-01 22:47:29 +00:00
}
// if multithreaded, some values are crap
if(p->nlwp > 1){
p->wchan = (KLONG)~0ull;
}
/* some number->text resolving which is time consuming */
2002-10-22 06:12:12 +00:00
if (flags & PROC_FILLUSR){
memcpy(p->euser, pwcache_get_user(p->euid), sizeof p->euser);
2002-10-22 06:12:12 +00:00
if(flags & PROC_FILLSTATUS) {
memcpy(p->ruser, pwcache_get_user(p->ruid), sizeof p->ruser);
memcpy(p->suser, pwcache_get_user(p->suid), sizeof p->suser);
memcpy(p->fuser, pwcache_get_user(p->fuid), sizeof p->fuser);
}
}
/* some number->text resolving which is time consuming */
2002-10-22 06:12:12 +00:00
if (flags & PROC_FILLGRP){
memcpy(p->egroup, pwcache_get_group(p->egid), sizeof p->egroup);
2002-10-22 06:12:12 +00:00
if(flags & PROC_FILLSTATUS) {
memcpy(p->rgroup, pwcache_get_group(p->rgid), sizeof p->rgroup);
memcpy(p->sgroup, pwcache_get_group(p->sgid), sizeof p->sgroup);
memcpy(p->fgroup, pwcache_get_group(p->fgid), sizeof p->fgroup);
2002-02-01 22:47:29 +00:00
}
}
if (unlikely(flags & PROC_FILLENV)) { // read /proc/#/environ
if (flags & PROC_EDITENVRCVT)
fill_environ_cvt(path, p);
else
p->environ = file2strvec(path, "environ");
}
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if (flags & (PROC_FILLCOM|PROC_FILLARG)) { // read /proc/#/cmdline
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if (flags & PROC_EDITCMDLCVT)
fill_cmdline_cvt(path, p);
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
else
p->cmdline = file2strvec(path, "cmdline");
}
library: standardize handling of cgroup, supgid Some inconsistencies have emerged during development of support for these relatively new proc_t fields. For example, a PROC_FILLCGROUP flag (via file2strvec) could return NULL in cgroup whereas PROC_EDITCGRPCVT (via fill_cgroup_cvt) *almost* guaranteed a return address (as is true for PROC_EDITCMDLCVT and cmdline). But even PROC_EDITCGRPCVT could return NULL if the kernel version was less than 2.6.24. Then with NULL ps would display a "-" while top would show "n/a". And while unlikely, with the PROC_FILLSTATUS flag (via status2proc) a NULL supgid address was theoretically possible and both ps and top would then show "n/a". This commit standardizes the following usage: . PROC_FILLSTATUS (via status2proc) guarantees a valid supgid address representing either a true comma delimited list or "-" . PROC_FILLCGROUP plus PROC_EDITCGRPCVT (via fill_cgroup_cvt) guarantees a cgroup single vector representing either a true control group hierarchy or "-" And as was true before, the following remains true: PROC_FILLCOM or PROC_FILLARG (via file2strvec) may return a NULL cmdline pointer . PROC_FILLCGROUP (via file2strvec) may return a NULL cgroup pointer . PROC_FILLCOM or PROC_FILLARG plus PROC_EDITCMDLCVT (via fill_cmdline_cvt) guarantees a cmdline single vector representing either a true command line or a bracketed program name . PROC_FILLSTATUS plus PROC_FILLSUPGRP (via supgrps_from_supgids) guarantees a valid supgrp address representing either a true comma delimited list or "-" Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-06-28 00:00:01 -05:00
if ((flags & PROC_FILLCGROUP)) { // read /proc/#/cgroup
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if (flags & PROC_EDITCGRPCVT)
fill_cgroup_cvt(path, p);
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
else
p->cgroup = file2strvec(path, "cgroup");
}
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
if (unlikely(flags & PROC_FILLOOM)) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "oom_score", &ub) != -1))
oomscore2proc(ub.buf, p);
if (likely(file2str(path, "oom_adj", &ub) != -1))
oomadj2proc(ub.buf, p);
enhanced libproc cgroup/cmdline support, exploited by top Library Changes . added PROC_EDITCMDLCVT flag . added an internal (static) fill_cmdline_cvt function: - reads and "escapes" /proc/#/cmdline - returns result as a single string in a single vector - callers are guaranteed a cmdline (no more NULL) . added vectorize_this_str function, exploited by fill_cgroup_cvt, fill_cmdline_cvt . generalized read_cmdline function as read_unvectored, now exploited by fill_cgroup_cvt, fill_cmdline_cvt, read_cmdline ( cgroup and cmdline no longer need be converted to string ) ( vectors before being transformed to final representation ) . fixed bug regarding skipped group numbers (when enabled) . escape_str made responsible for all single byte translation with distinction between control chars + other unprintable . added escaped_copy function for already escaped strings . reorganized parts of proc_t to restore formatting standards ( displacement changes shouldn't matter with new version # ) . former ZAP_SUSEONLY #define now OOMEM_ENABLE . added to library.map: escaped_copy; read_cmdline Top Program Changes . exploited the new PROC_EDITCMDLCVT provision . eliminated now obsolete #include "proc/escape.h" . changed the P_WCH display format if no kernel symbol table . fixed very old bug in lflgs for out-of-view sort fields . former ZAP_SUSEONLY #define now OOMEM_ENABLE Ps Program Changes . exploited the new PROC_EDITCMDLCVT provision . exploited the new escaped_copy function . consolidated pr_args and pr_comm into pr_argcom Signed-off-by: Jan Görig <jgorig@redhat.com>
2011-05-18 10:33:44 +02:00
}
if (unlikely(flags & PROC_FILLNS)) // read /proc/#/ns/*
ns2proc(path, p);
if (unlikely(flags & PROC_FILLSYSTEMD)) // get sd-login.h stuff
sd2proc(p);
if (unlikely(flags & PROC_FILL_LXC)) // value the lxc name
p->lxcname = lxc_containers(path);
2002-02-01 22:47:29 +00:00
return p;
2003-09-17 21:58:32 +00:00
next_proc:
return NULL;
}
2003-09-20 08:29:55 +00:00
//////////////////////////////////////////////////////////////////////////////////
// This reads /proc/*/task/* data, for one task.
#ifdef QUICK_THREADS
// p is the POSIX process (task group summary) & source for some copies if !NULL
#else
2003-09-20 08:29:55 +00:00
// p is the POSIX process (task group summary) (not needed by THIS implementation)
#endif
2003-09-20 08:29:55 +00:00
// t is the POSIX thread (task group member, generally not the leader)
// path is a path to the task, with some room to spare.
static proc_t* simple_readtask(PROCTAB *restrict const PT, const proc_t *restrict const p, proc_t *restrict const t, char *restrict const path) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
static struct utlbuf_s ub = { NULL, 0 }; // buf for stat,statm,status
static struct stat sb; // stat() buffer
2003-09-20 08:29:55 +00:00
unsigned flags = PT->flags;
if (unlikely(stat(path, &sb) == -1)) /* no such dirent (anymore) */
goto next_task;
2003-09-20 08:29:55 +00:00
// if ((flags & PROC_UID) && !XinLN(uid_t, sb.st_uid, PT->uids, PT->nuid))
// goto next_task; /* not one of the requested uids */
2003-09-20 08:29:55 +00:00
t->euid = sb.st_uid; /* need a way to get real uid */
t->egid = sb.st_gid; /* need a way to get real gid */
2003-09-20 08:29:55 +00:00
if (flags & PROC_FILLSTAT) { // read /proc/#/task/#/stat
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (unlikely(file2str(path, "stat", &ub) == -1))
goto next_task;
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
stat2proc(ub.buf, t);
2003-09-20 08:29:55 +00:00
}
#ifndef QUICK_THREADS
if (flags & PROC_FILLMEM) // read /proc/#/task/#statm
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "statm", &ub) != -1))
statm2proc(ub.buf, t);
2003-09-28 02:45:05 +00:00
#endif
2003-09-20 08:29:55 +00:00
if (flags & PROC_FILLSTATUS) { // read /proc/#/task/#/status
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "status", &ub) != -1)) {
status2proc(ub.buf, t, 0);
#ifndef QUICK_THREADS
if (flags & PROC_FILLSUPGRP)
supgrps_from_supgids(t);
#endif
}
2003-09-20 08:29:55 +00:00
}
/* some number->text resolving which is time consuming */
if (flags & PROC_FILLUSR){
memcpy(t->euser, pwcache_get_user(t->euid), sizeof t->euser);
2003-09-20 08:29:55 +00:00
if(flags & PROC_FILLSTATUS) {
memcpy(t->ruser, pwcache_get_user(t->ruid), sizeof t->ruser);
memcpy(t->suser, pwcache_get_user(t->suid), sizeof t->suser);
memcpy(t->fuser, pwcache_get_user(t->fuid), sizeof t->fuser);
2003-09-20 08:29:55 +00:00
}
}
/* some number->text resolving which is time consuming */
if (flags & PROC_FILLGRP){
memcpy(t->egroup, pwcache_get_group(t->egid), sizeof t->egroup);
2003-09-20 08:29:55 +00:00
if(flags & PROC_FILLSTATUS) {
memcpy(t->rgroup, pwcache_get_group(t->rgid), sizeof t->rgroup);
memcpy(t->sgroup, pwcache_get_group(t->sgid), sizeof t->sgroup);
memcpy(t->fgroup, pwcache_get_group(t->fgid), sizeof t->fgroup);
2003-09-20 08:29:55 +00:00
}
}
#ifdef QUICK_THREADS
if (!p) {
if (flags & PROC_FILLMEM)
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "statm", &ub) != -1))
statm2proc(ub.buf, t);
if (flags & PROC_FILLSUPGRP)
supgrps_from_supgids(t);
#endif
if (unlikely(flags & PROC_FILLENV)) { // read /proc/#/task/#/environ
if (flags & PROC_EDITENVRCVT)
fill_environ_cvt(path, t);
else
t->environ = file2strvec(path, "environ");
}
2003-09-20 08:29:55 +00:00
if (flags & (PROC_FILLCOM|PROC_FILLARG)) { // read /proc/#/task/#/cmdline
if (flags & PROC_EDITCMDLCVT)
fill_cmdline_cvt(path, t);
else
t->cmdline = file2strvec(path, "cmdline");
}
library: standardize handling of cgroup, supgid Some inconsistencies have emerged during development of support for these relatively new proc_t fields. For example, a PROC_FILLCGROUP flag (via file2strvec) could return NULL in cgroup whereas PROC_EDITCGRPCVT (via fill_cgroup_cvt) *almost* guaranteed a return address (as is true for PROC_EDITCMDLCVT and cmdline). But even PROC_EDITCGRPCVT could return NULL if the kernel version was less than 2.6.24. Then with NULL ps would display a "-" while top would show "n/a". And while unlikely, with the PROC_FILLSTATUS flag (via status2proc) a NULL supgid address was theoretically possible and both ps and top would then show "n/a". This commit standardizes the following usage: . PROC_FILLSTATUS (via status2proc) guarantees a valid supgid address representing either a true comma delimited list or "-" . PROC_FILLCGROUP plus PROC_EDITCGRPCVT (via fill_cgroup_cvt) guarantees a cgroup single vector representing either a true control group hierarchy or "-" And as was true before, the following remains true: PROC_FILLCOM or PROC_FILLARG (via file2strvec) may return a NULL cmdline pointer . PROC_FILLCGROUP (via file2strvec) may return a NULL cgroup pointer . PROC_FILLCOM or PROC_FILLARG plus PROC_EDITCMDLCVT (via fill_cmdline_cvt) guarantees a cmdline single vector representing either a true command line or a bracketed program name . PROC_FILLSTATUS plus PROC_FILLSUPGRP (via supgrps_from_supgids) guarantees a valid supgrp address representing either a true comma delimited list or "-" Signed-off-by: Jim Warner <james.warner@comcast.net>
2012-06-28 00:00:01 -05:00
if ((flags & PROC_FILLCGROUP)) { // read /proc/#/task/#/cgroup
if (flags & PROC_EDITCGRPCVT)
fill_cgroup_cvt(path, t);
else
t->cgroup = file2strvec(path, "cgroup");
}
if (unlikely(flags & PROC_FILLSYSTEMD)) // get sd-login.h stuff
sd2proc(t);
if (unlikely(flags & PROC_FILL_LXC)) // value the lxc name
t->lxcname = lxc_containers(path);
#ifdef QUICK_THREADS
} else {
t->size = p->size;
t->resident = p->resident;
t->share = p->share;
t->trs = p->trs;
t->lrs = p->lrs;
t->drs = p->drs;
t->dt = p->dt;
t->cmdline = p->cmdline; // better not free these until done with all threads!
t->environ = p->environ;
t->cgname = p->cgname;
t->cgroup = p->cgroup;
if (t->supgid) free(t->supgid);
t->supgid = p->supgid;
t->supgrp = p->supgrp;
t->sd_mach = p->sd_mach;
t->sd_ouid = p->sd_ouid;
t->sd_seat = p->sd_seat;
t->sd_sess = p->sd_sess;
t->sd_slice = p->sd_slice;
t->sd_unit = p->sd_unit;
t->sd_uunit = p->sd_uunit;
t->lxcname = p->lxcname;
MK_THREAD(t);
}
2003-09-20 08:29:55 +00:00
#endif
if (unlikely(flags & PROC_FILLOOM)) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (likely(file2str(path, "oom_score", &ub) != -1))
oomscore2proc(ub.buf, t);
if (likely(file2str(path, "oom_adj", &ub) != -1))
oomadj2proc(ub.buf, t);
}
if (unlikely(flags & PROC_FILLNS)) // read /proc/#/task/#/ns/*
ns2proc(path, t);
2003-09-29 04:09:52 +00:00
2003-09-20 08:29:55 +00:00
return t;
next_task:
return NULL;
#ifndef QUICK_THREADS
(void)p;
#endif
2003-09-20 08:29:55 +00:00
}
2003-09-17 21:58:32 +00:00
//////////////////////////////////////////////////////////////////////////////////
// This finds processes in /proc in the traditional way.
// Return non-zero on success.
2003-09-20 08:29:55 +00:00
static int simple_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p) {
static struct dirent *ent; /* dirent handle */
2003-09-20 08:29:55 +00:00
char *restrict const path = PT->path;
2003-09-17 21:58:32 +00:00
for (;;) {
ent = readdir(PT->procfs);
if(unlikely(unlikely(!ent) || unlikely(!ent->d_name[0]))) return 0;
if(likely(likely(*ent->d_name > '0') && likely(*ent->d_name <= '9'))) break;
2003-09-17 21:58:32 +00:00
}
2003-09-20 08:29:55 +00:00
p->tgid = strtoul(ent->d_name, NULL, 10);
p->tid = p->tgid;
snprintf(path, PROCPATHLEN, "/proc/%s", ent->d_name);
2003-09-17 21:58:32 +00:00
return 1;
2002-02-01 22:47:29 +00:00
}
2003-09-20 08:29:55 +00:00
//////////////////////////////////////////////////////////////////////////////////
// This finds tasks in /proc/*/task/ in the traditional way.
// Return non-zero on success.
static int simple_nexttid(PROCTAB *restrict const PT, const proc_t *restrict const p, proc_t *restrict const t, char *restrict const path) {
static struct dirent *ent; /* dirent handle */
2003-10-19 23:37:47 +00:00
if(PT->taskdir_user != p->tgid){
if(PT->taskdir){
closedir(PT->taskdir);
}
2003-09-20 08:29:55 +00:00
// use "path" as some tmp space
2003-10-21 00:51:36 +00:00
snprintf(path, PROCPATHLEN, "/proc/%d/task", p->tgid);
2003-09-20 08:29:55 +00:00
PT->taskdir = opendir(path);
if(!PT->taskdir) return 0;
2003-10-19 23:37:47 +00:00
PT->taskdir_user = p->tgid;
2003-09-20 08:29:55 +00:00
}
for (;;) {
ent = readdir(PT->taskdir);
if(unlikely(unlikely(!ent) || unlikely(!ent->d_name[0]))) return 0;
if(likely(likely(*ent->d_name > '0') && likely(*ent->d_name <= '9'))) break;
2003-09-20 08:29:55 +00:00
}
t->tid = strtoul(ent->d_name, NULL, 10);
t->tgid = p->tgid;
//t->ppid = p->ppid; // cover for kernel behavior? we want both actually...?
2003-10-21 00:51:36 +00:00
snprintf(path, PROCPATHLEN, "/proc/%d/task/%s", p->tgid, ent->d_name);
2003-09-20 08:29:55 +00:00
return 1;
}
2003-09-17 21:58:32 +00:00
//////////////////////////////////////////////////////////////////////////////////
// This "finds" processes in a list that was given to openproc().
2003-09-20 08:29:55 +00:00
// Return non-zero on success. (tgid was handy)
static int listed_nextpid(PROCTAB *restrict const PT, proc_t *restrict const p) {
char *restrict const path = PT->path;
pid_t tgid = *(PT->pids)++;
if(likely(tgid)){
2003-09-20 08:29:55 +00:00
snprintf(path, PROCPATHLEN, "/proc/%d", tgid);
p->tgid = tgid;
p->tid = tgid; // they match for leaders
2003-09-17 21:58:32 +00:00
}
2003-09-20 08:29:55 +00:00
return tgid;
2003-09-17 21:58:32 +00:00
}
//////////////////////////////////////////////////////////////////////////////////
/* readproc: return a pointer to a proc_t filled with requested info about the
2002-02-01 22:47:29 +00:00
* next process available matching the restriction set. If no more such
* processes are available, return a null pointer (boolean false). Use the
* passed buffer instead of allocating space if it is non-NULL. */
/* This is optimized so that if a PID list is given, only those files are
* searched for in /proc. If other lists are given in addition to the PID list,
* the same logic can follow through as for the no-PID list case. This is
* fairly complex, but it does try to not to do any unnecessary work.
*/
2003-09-17 21:58:32 +00:00
proc_t* readproc(PROCTAB *restrict const PT, proc_t *restrict p) {
proc_t *ret;
proc_t *saved_p;
PT->did_fake=0;
2003-10-19 23:37:47 +00:00
// if (PT->taskdir) {
// closedir(PT->taskdir);
// PT->taskdir = NULL;
// PT->taskdir_user = -1;
// }
2003-09-20 08:29:55 +00:00
2003-09-17 21:58:32 +00:00
saved_p = p;
if(!p) p = xcalloc(sizeof *p);
else free_acquired(p, 1);
2003-09-17 21:58:32 +00:00
for(;;){
2003-09-20 08:29:55 +00:00
// fills in the path, plus p->tid and p->tgid
if (unlikely(!PT->finder(PT,p))) goto out;
2003-09-17 21:58:32 +00:00
// go read the process data
2003-09-20 08:29:55 +00:00
ret = PT->reader(PT,p);
2003-09-17 21:58:32 +00:00
if(ret) return ret;
}
out:
if(!saved_p) free(p);
2003-09-20 08:29:55 +00:00
// FIXME: maybe set tid to -1 here, for "-" in display?
return NULL;
}
//////////////////////////////////////////////////////////////////////////////////
// readtask: return a pointer to a proc_t filled with requested info about the
// next task available. If no more such tasks are available, return a null
// pointer (boolean false). Use the passed buffer instead of allocating
// space if it is non-NULL.
proc_t* readtask(PROCTAB *restrict const PT, const proc_t *restrict const p, proc_t *restrict t) {
char path[PROCPATHLEN]; // must hold /proc/2000222000/task/2000222000/cmdline
2003-09-20 08:29:55 +00:00
proc_t *ret;
proc_t *saved_t;
saved_t = t;
if(!t) t = xcalloc(sizeof *t);
else free_acquired(t, 1);
2003-09-20 08:29:55 +00:00
2003-12-13 16:51:40 +00:00
// 1. got to fake a thread for old kernels
#ifdef QUICK_THREADS
// 2. for single-threaded processes, this is faster (but must patch up stuff that differs!)
if(task_dir_missing || p->nlwp < 2){
#else
if(task_dir_missing){
#endif
2003-09-20 08:29:55 +00:00
if(PT->did_fake) goto out;
PT->did_fake=1;
memcpy(t,p,sizeof(proc_t));
// use the per-task pending, not per-tgid pending
#ifdef SIGNAL_STRING
memcpy(&t->signal, &t->_sigpnd, sizeof t->signal);
#else
t->signal = t->_sigpnd;
#endif
#ifdef QUICK_THREADS
MK_THREAD(t);
#else
t->environ = NULL;
t->cmdline = vectorize_this_str("n/a");
t->cgroup = NULL;
t->cgname = NULL;
t->supgid = NULL;
t->supgrp = NULL;
t->sd_mach = NULL;
t->sd_ouid = NULL;
t->sd_seat = NULL;
t->sd_sess = NULL;
t->sd_slice = NULL;
t->sd_unit = NULL;
t->sd_uunit = NULL;
#endif
2003-09-20 08:29:55 +00:00
return t;
}
for(;;){
// fills in the path, plus t->tid and t->tgid
if (unlikely(!PT->taskfinder(PT,p,t,path))) goto out; // simple_nexttid
2003-09-20 08:29:55 +00:00
// go read the task data
ret = PT->taskreader(PT,p,t,path); // simple_readtask
if(ret) return ret;
}
out:
if(!saved_t) free(t);
2003-09-17 21:58:32 +00:00
return NULL;
}
2002-02-01 22:47:29 +00:00
//////////////////////////////////////////////////////////////////////////////////
// readeither: return a pointer to a proc_t filled with requested info about
// the next unique process or task available. If no more are available,
// return a null pointer (boolean false). Use the passed buffer instead
// of allocating space if it is non-NULL.
proc_t* readeither (PROCTAB *restrict const PT, proc_t *restrict x) {
static proc_t skel_p; // skeleton proc_t, only uses tid + tgid
static proc_t *new_p; // for process/task transitions
proc/readproc.c: Work around a design flaw in readeither(). readeither() caches (in new_p) a pointer to the proc_t of a task-group leader, but readeither()'s callers can do pretty much anything with the proc_t structure passed to and/or returned by this function. For example, they can 1/ free it or 2/ recycle it (by passing it to readeither() as x). 1/ leads to a use-after-free, and 2/ leads to unexpected behavior when taskreader()/simple_readtask() is called with new_p equal to x (this is not a theoretical flaw: 2/ happens in readproctab3() when want_task() returns false and p is a group leader). As a workaround, we keep a copy of new_p's first member (tid) in static storage, and the next times we enter readeither() we check this "canary" against the tid in new_p: if they differ, we reset new_p to NULL, which forces the allocation of a new proc_t (the new "leader", or reference). This always detects 2/ (because free_acquired(x,1) memsets x and hence new_p); always detects 1/ if freed via free_acquired() and/or freeproc() (very likely, otherwise memory may be leaked); probably detects 1/ even if freed directly via free() (because the canary is the first member of proc_t, likely to be overwritten by free()); but can not detect 1/ if free() does not write to new_p's chunk at all. Moreover, accessing new_p->tid to check the canary in case 1/ is itself a use-after-free, so a better long-term solution should be implemented at some point (we wanted to avoid intrusive and backward-incompatible changes in this library function, hence this imperfect workaround).
-
static int canary;
char path[PROCPATHLEN];
proc_t *saved_x, *ret;
saved_x = x;
if (!x) x = xcalloc(sizeof(*x));
else free_acquired(x,1);
proc/readproc.c: Work around a design flaw in readeither(). readeither() caches (in new_p) a pointer to the proc_t of a task-group leader, but readeither()'s callers can do pretty much anything with the proc_t structure passed to and/or returned by this function. For example, they can 1/ free it or 2/ recycle it (by passing it to readeither() as x). 1/ leads to a use-after-free, and 2/ leads to unexpected behavior when taskreader()/simple_readtask() is called with new_p equal to x (this is not a theoretical flaw: 2/ happens in readproctab3() when want_task() returns false and p is a group leader). As a workaround, we keep a copy of new_p's first member (tid) in static storage, and the next times we enter readeither() we check this "canary" against the tid in new_p: if they differ, we reset new_p to NULL, which forces the allocation of a new proc_t (the new "leader", or reference). This always detects 2/ (because free_acquired(x,1) memsets x and hence new_p); always detects 1/ if freed via free_acquired() and/or freeproc() (very likely, otherwise memory may be leaked); probably detects 1/ even if freed directly via free() (because the canary is the first member of proc_t, likely to be overwritten by free()); but can not detect 1/ if free() does not write to new_p's chunk at all. Moreover, accessing new_p->tid to check the canary in case 1/ is itself a use-after-free, so a better long-term solution should be implemented at some point (we wanted to avoid intrusive and backward-incompatible changes in this library function, hence this imperfect workaround).
-
if (new_p) {
if (new_p->tid != canary) new_p = NULL;
goto next_task;
}
next_proc:
new_p = NULL;
for (;;) {
// fills in the PT->path, plus skel_p.tid and skel_p.tgid
if (!PT->finder(PT,&skel_p)) goto end_procs; // simple_nextpid
if (!task_dir_missing) break;
if ((ret = PT->reader(PT,x))) return ret; // simple_readproc
}
next_task:
2011-10-06 08:34:26 -05:00
// fills in our path, plus x->tid and x->tgid
if ((!(PT->taskfinder(PT,&skel_p,x,path))) // simple_nexttid
|| (!(ret = PT->taskreader(PT,new_p,x,path)))) { // simple_readtask
goto next_proc;
}
proc/readproc.c: Work around a design flaw in readeither(). readeither() caches (in new_p) a pointer to the proc_t of a task-group leader, but readeither()'s callers can do pretty much anything with the proc_t structure passed to and/or returned by this function. For example, they can 1/ free it or 2/ recycle it (by passing it to readeither() as x). 1/ leads to a use-after-free, and 2/ leads to unexpected behavior when taskreader()/simple_readtask() is called with new_p equal to x (this is not a theoretical flaw: 2/ happens in readproctab3() when want_task() returns false and p is a group leader). As a workaround, we keep a copy of new_p's first member (tid) in static storage, and the next times we enter readeither() we check this "canary" against the tid in new_p: if they differ, we reset new_p to NULL, which forces the allocation of a new proc_t (the new "leader", or reference). This always detects 2/ (because free_acquired(x,1) memsets x and hence new_p); always detects 1/ if freed via free_acquired() and/or freeproc() (very likely, otherwise memory may be leaked); probably detects 1/ even if freed directly via free() (because the canary is the first member of proc_t, likely to be overwritten by free()); but can not detect 1/ if free() does not write to new_p's chunk at all. Moreover, accessing new_p->tid to check the canary in case 1/ is itself a use-after-free, so a better long-term solution should be implemented at some point (we wanted to avoid intrusive and backward-incompatible changes in this library function, hence this imperfect workaround).
-
if (!new_p) {
new_p = ret;
canary = new_p->tid;
}
2011-10-06 08:34:26 -05:00
return ret;
end_procs:
if (!saved_x) free(x);
return NULL;
}
2003-09-17 21:58:32 +00:00
//////////////////////////////////////////////////////////////////////////////////
2002-02-01 22:47:29 +00:00
2003-09-17 21:58:32 +00:00
// initiate a process table scan
PROCTAB* openproc(int flags, ...) {
va_list ap;
2003-09-20 08:29:55 +00:00
struct stat sbuf;
static int did_stat;
PROCTAB* PT = xcalloc(sizeof(PROCTAB));
2003-09-20 08:29:55 +00:00
if (!did_stat){
task_dir_missing = stat("/proc/self/task", &sbuf);
did_stat = 1;
2003-09-20 08:29:55 +00:00
}
PT->taskdir = NULL;
2003-10-19 23:37:47 +00:00
PT->taskdir_user = -1;
2003-09-20 08:29:55 +00:00
PT->taskfinder = simple_nexttid;
PT->taskreader = simple_readtask;
2003-09-17 21:58:32 +00:00
PT->reader = simple_readproc;
if (flags & PROC_PID){
PT->procfs = NULL;
PT->finder = listed_nextpid;
2003-09-17 21:58:32 +00:00
}else{
PT->procfs = opendir("/proc");
if (!PT->procfs) { free(PT); return NULL; }
PT->finder = simple_nextpid;
2002-12-21 06:22:00 +00:00
}
2003-09-17 21:58:32 +00:00
PT->flags = flags;
2002-02-01 22:47:29 +00:00
va_start(ap, flags);
2003-09-17 21:58:32 +00:00
if (flags & PROC_PID)
PT->pids = va_arg(ap, pid_t*);
else if (flags & PROC_UID){
PT->uids = va_arg(ap, uid_t*);
PT->nuid = va_arg(ap, int);
}
va_end(ap);
2002-02-01 22:47:29 +00:00
if (!src_buffer){
src_buffer = xmalloc(MAX_BUFSZ);
dst_buffer = xmalloc(MAX_BUFSZ);
}
2003-09-17 21:58:32 +00:00
return PT;
}
2003-09-17 21:58:32 +00:00
// terminate a process table scan
void closeproc(PROCTAB* PT) {
if (PT){
if (PT->procfs) closedir(PT->procfs);
2003-09-20 08:29:55 +00:00
if (PT->taskdir) closedir(PT->taskdir);
2003-10-19 23:37:47 +00:00
memset(PT,'#',sizeof(PROCTAB));
2003-09-17 21:58:32 +00:00
free(PT);
}
}
// deallocate space allocated by readproc
2003-09-17 21:58:32 +00:00
void freeproc(proc_t* p) {
if (p) {
free_acquired(p, 0);
free(p);
}
2002-02-01 22:47:29 +00:00
}
2003-09-17 21:58:32 +00:00
//////////////////////////////////////////////////////////////////////////////////
2002-02-01 22:47:29 +00:00
void look_up_our_self(proc_t *p) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
struct utlbuf_s ub = { NULL, 0 };
2003-05-31 15:18:13 +00:00
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if(file2str("/proc/self", "stat", &ub) == -1){
fprintf(stderr, "Error, do this: mount -t proc proc /proc\n");
2003-05-31 15:18:13 +00:00
_exit(47);
}
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
stat2proc(ub.buf, p); // parse /proc/self/stat
free(ub.buf);
2002-02-01 22:47:29 +00:00
}
2003-01-15 10:52:39 +00:00
HIDDEN_ALIAS(readproc);
2003-10-16 03:30:41 +00:00
HIDDEN_ALIAS(readtask);
HIDDEN_ALIAS(readeither);
2002-02-01 22:47:29 +00:00
/* Convenient wrapper around openproc and readproc to slurp in the whole process
* table subset satisfying the constraints of flags and the optional PID list.
2003-07-03 05:20:19 +00:00
* Free allocated memory with exit(). Access via tab[N]->member. The pointer
* list is NULL terminated.
2002-02-01 22:47:29 +00:00
*/
proc_t** readproctab(int flags, ...) {
PROCTAB* PT = NULL;
proc_t** tab = NULL;
int n = 0;
va_list ap;
va_start(ap, flags); /* pass through args to openproc */
2002-10-22 06:12:12 +00:00
if (flags & PROC_UID) {
2002-02-01 22:47:29 +00:00
/* temporary variables to ensure that va_arg() instances
* are called in the right order
*/
uid_t* u;
int i;
u = va_arg(ap, uid_t*);
i = va_arg(ap, int);
PT = openproc(flags, u, i);
}
2002-10-22 06:12:12 +00:00
else if (flags & PROC_PID)
2002-02-01 22:47:29 +00:00
PT = openproc(flags, va_arg(ap, void*)); /* assume ptr sizes same */
else
PT = openproc(flags);
va_end(ap);
if (!PT)
return 0;
2002-02-01 22:47:29 +00:00
do { /* read table: */
if (n < 0 || (size_t)n >= INT_MAX / sizeof(proc_t*)) {
xalloc_err_handler("integer overflow in %s (%s=%zu)", __func__, "n", (size_t)n);
exit(EXIT_FAILURE);
}
2002-02-01 22:47:29 +00:00
tab = xrealloc(tab, (n+1)*sizeof(proc_t*));/* realloc as we go, using */
2003-01-15 10:52:39 +00:00
tab[n] = readproc_direct(PT, NULL); /* final null to terminate */
2002-02-01 22:47:29 +00:00
} while (tab[n++]); /* stop when NULL reached */
closeproc(PT);
return tab;
}
2003-10-16 03:30:41 +00:00
#define grow_by_size(ptr, nmemb, over, size) do { \
if ((size_t)(nmemb) >= INT_MAX / 5) { \
xalloc_err_handler("integer overflow in %s (%s=%zu)", __func__, #nmemb, (size_t)(nmemb)); \
exit(EXIT_FAILURE); \
} \
(nmemb) = (nmemb) * 5 / 4 + (over); \
if ((size_t)(nmemb) >= SSIZE_MAX / (size)) { \
xalloc_err_handler("integer overflow in %s (%s=%zu)", __func__, #nmemb, (size_t)(nmemb)); \
exit(EXIT_FAILURE); \
} \
(ptr) = xrealloc((ptr), (nmemb) * (size)); \
} while (0)
2003-10-16 03:30:41 +00:00
// Try again, this time with threads and selection.
2003-10-19 23:37:47 +00:00
proc_data_t *readproctab2(int(*want_proc)(proc_t *buf), int(*want_task)(proc_t *buf), PROCTAB *restrict const PT) {
static proc_data_t pd;
2003-10-16 03:30:41 +00:00
proc_t** ptab = NULL;
size_t n_proc_alloc = 0;
size_t n_proc = 0;
2003-10-19 23:37:47 +00:00
proc_t** ttab = NULL;
size_t n_task_alloc = 0;
size_t n_task = 0;
2003-10-16 03:30:41 +00:00
2003-10-19 23:37:47 +00:00
proc_t* data = NULL;
size_t n_alloc = 0;
uintptr_t n_used = 0;
2003-10-16 03:30:41 +00:00
for(;;){
proc_t *tmp;
if(n_alloc == n_used){
//proc_t *old = data;
grow_by_size(data, n_alloc, 30, sizeof(proc_t));
memset(data+n_used, 0, sizeof(proc_t)*(n_alloc-n_used));
2003-10-16 03:30:41 +00:00
}
if(n_proc_alloc == n_proc){
//proc_t **old = ptab;
grow_by_size(ptab, n_proc_alloc, 30, sizeof(proc_t*));
2003-10-16 03:30:41 +00:00
}
tmp = readproc_direct(PT, data+n_used);
if(!tmp) break;
if(!want_proc(tmp)) continue;
2003-10-19 23:37:47 +00:00
ptab[n_proc++] = (proc_t*)(n_used++);
2003-10-16 03:30:41 +00:00
if(!( PT->flags & PROC_LOOSE_TASKS )) continue;
for(;;){
proc_t *t;
if(n_alloc == n_used){
proc_t *old = data;
grow_by_size(data, n_alloc, 30, sizeof(proc_t));
// have to move tmp too
tmp = data+(tmp-old);
memset(data+n_used, 0, sizeof(proc_t)*(n_alloc-n_used));
2003-10-16 03:30:41 +00:00
}
if(n_task_alloc == n_task){
//proc_t **old = ttab;
grow_by_size(ttab, n_task_alloc, 1, sizeof(proc_t*));
2003-10-16 03:30:41 +00:00
}
t = readtask_direct(PT, tmp, data+n_used);
if(!t) break;
if(!want_task(t)) continue;
2003-10-19 23:37:47 +00:00
ttab[n_task++] = (proc_t*)(n_used++);
2003-10-16 03:30:41 +00:00
}
}
pd.proc = ptab;
pd.task = ttab;
pd.nproc = n_proc;
pd.ntask = n_task;
2003-10-19 23:37:47 +00:00
if(PT->flags & PROC_LOOSE_TASKS){
pd.tab = ttab;
pd.n = n_task;
2003-10-16 03:30:41 +00:00
}else{
pd.tab = ptab;
pd.n = n_proc;
2003-10-16 03:30:41 +00:00
}
2003-10-19 23:37:47 +00:00
// change array indexes to pointers
while(n_proc--) ptab[n_proc] = data+(uintptr_t)(ptab[n_proc]);
while(n_task--) ttab[n_task] = data+(uintptr_t)(ttab[n_task]);
2003-10-16 03:30:41 +00:00
return &pd;
}
// Try try yet again, this time treating processes and threads the same...
proc_data_t *readproctab3 (int(*want_task)(proc_t *buf), PROCTAB *restrict const PT) {
static proc_data_t pd;
proc_t **tab = NULL;
size_t n_alloc = 0;
size_t n_used = 0;
proc_t *p = NULL;
for (;;) {
if (n_alloc == n_used) {
grow_by_size(tab, n_alloc, 30, sizeof(proc_t*));
}
// let this next guy allocate the necessary proc_t storage
// (or recycle it) since he can't tolerate realloc relocations
if (!(p = readeither_direct(PT,p))) break;
if (want_task(p)) {
tab[n_used++] = p;
p = NULL;
}
}
pd.tab = tab;
pd.n = n_used;
return &pd;
2003-10-16 03:30:41 +00:00
}
2004-01-26 20:01:56 +00:00
/*
* get_proc_stats - lookup a single tasks information and fill out a proc_t
*
* On failure, returns NULL. On success, returns 'p' and 'p' is a valid
* and filled out proc_t structure.
*/
2004-11-04 20:50:59 +00:00
proc_t * get_proc_stats(pid_t pid, proc_t *p) {
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
struct utlbuf_s ub = { NULL, 0 };
static char path[32];
struct stat statbuf;
snprintf(path, sizeof path, "/proc/%d", pid);
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (stat(path, &statbuf)) {
perror("stat");
return NULL;
}
2004-01-26 20:01:56 +00:00
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
if (file2str(path, "stat", &ub) >= 0)
stat2proc(ub.buf, p);
if (file2str(path, "statm", &ub) >= 0)
statm2proc(ub.buf, p);
if (file2str(path, "status", &ub) >= 0)
status2proc(ub.buf, p, 0);
2004-01-26 20:01:56 +00:00
library: utility buffers now immune to buffer overflow A recent Debian bug report, dealing with release 3.2.8 and its even more restrictive buffer sizes (1024) used in stat, statm and status reads via file2str calls, is a reminder of what could yet happen to procps-ng. Size needs are determined by kernel evolution and/or config options so that bug could resurface even though buffer size is currently 4 times the old procps-3.2.8 limits. Those sizes were raised from 1024 to 4096 bytes in the patch submitted by Eric Dumazet, and referenced below. This patch makes libprocps immune to future changes in the amount of stuff that is ultimately found in a proc 'stat', 'statm' or 'status' subdirectory. We now trade the former static buffer of 4096 bytes for dynamically allocated buffers whose size can be increased by need. Even though this change is solely an internal one, and in no way directly affects the API or the ABI, libtool suggests that the LIBprocps_REVISION be raised. I hope Craig remembers to do that just before a next release. We don't want a repeat of the procps-ng-3.3.4 boo-boo, but with no API/ABI impact that probably can't happen. p.s. A big thanks to Jaromir Capik <jcapik@redhat.com> who reviewed my original version and, of course, found some of my trademark illogic + unnecessary code. After his coaxing, he helped make this a much better commit. Reference(s): . procps-3.2.8 http://bugs.debian.org/702965 . allow large list of groups commit 7933435584aa1fd75460f4c7715a3d4855d97c1c Signed-off-by: Jim Warner <james.warner@comcast.net> Reviewed by: Jaromir Capik <jcapik@redhat.com>
2013-03-23 00:00:00 -05:00
free(ub.buf);
return p;
2004-01-26 20:01:56 +00:00
}
#undef MK_THREAD
#undef IS_THREAD
#undef MAX_BUFSZ