351 Commits

Author SHA1 Message Date
liutie
e9445a07cf signal: fix suspending ps when receiving SIGTERM or SIGHUP
Call trace:
  #0 __lll_lock_wait_private () at
     ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
  #1 0x00007f95c059f9d7 in _L_lock_638 () from /lib64/libc.so.6
  #2 0x00007f95c059f8b6 in _nl_expand_alias
  #3 0x00007f95c059dad8 in _nl_find_domain
  #4 0x00007f95c059d22e in __dcigettext
  #5 0x00007f95c059c05f in __GI___dcgettext
  #6  0x00000000004032b3 in signal_handler (signo=15) at display.c:54
  #7  <signal handler called>
  #8  __memcpy_sse2 () at ../sysdeps/x86_64/memcpy.S:104
  #9  0x00007f95c05d9934 in __GI__IO_getline_info
  #10 0x00007f95c05d99b8 in __GI__IO_getline
  #11 0x00007f95c05e2a5d in __GI_fgets_unlocked
  #12 0x00007f95c059f478 in read_alias_file
  #13 0x00007f95c059f97a in _nl_expand_alias
  #14 0x00007f95c059dad8 in _nl_find_domain
  #15 0x00007f95c059d22e in __dcigettext
  #16 0x00007f95c059c05f in __GI___dcgettext
  #17 0x0000000000403a8d in reset_global () at global.c:410
  #18 0x0000000000402605 in main at display.c:650

The above call trace happens when the ps process is suspending, and the
signal SIGTERM is sent to the ps process at the same time.
Just cancel the SIGTERM and SIGHUP handler when suspending to prevent
the problem.

Signed-off-by: liutie <liutie4@huawei.com>
Signed-off-by: fu.lin <fulin10@huawei.com>
2022-04-26 20:24:42 +10:00
Jim Warner
a2c1abb136 ps: that '%CUC' column must be just a little bit wider
Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-04-22 12:02:30 +10:00
Jim Warner
20e44569f5 ps: improved three elapsed 'jiffies/tics' calculations
With openSUSE's tumbleweed release of procps-ng-4.0.0,
their source rpm contained a questionable patch. It is
ostensibly devoted to increasing the accuracy for %cpu
calculations in the ps program. However, in my opinion
it goes too far and is quite flawed for these reasons:

1. Six separate files were impacted instead of just 1.
2. While ps was the object, libproc-2 was changed too.
3. A header file's alphabetic item order was violated.
4. The library API and ABI were altered unnecessarily.

It should be noted that all the <pids> TIME items were
made 'real' when representing seconds so that they can
be converted into jiffies/tics if multiplied by hertz.
Thus, there was absolutely no justification for adding
a new PIDS_TICS_ELAPSED ull_int item to the interface.

As an example, assuming a hertz value of 100, there is
enough capacity in all of those 'TIME' seconds to hold
nearly 3 million years worth of tics without a loss of
precision whenever they are changed back into jiffies.

[ that's nine quadrillion seven trillion one hundred ]
[ ninety-nine billion two hundred fifty-four million ]
[ seven hundred forty thousand nine hundred ninety + ]
[ one! or more concisely, as: 9,007,199,254,740,991. ]

So, any need for increased accuracy in that ps program
can be realized within the single output.c file alone.

That's what will be accomplished with this new commit.

And for any doubters here's a 'double' capacity proof:

beg ------ 9007199254740991.000000000000000000000 tic|
 d /= 100, 90071992547409.90625000000000000000000 sec
 d /=  60, 1501199875790.165039062500000000000000 min
 d /=  60, 25019997929.83608245849609375000000000 hrs
 d /=  24, 1042499913.743170142173767089843750000 day
 d /=   7, 148928559.1061671674251556396484375000 wks
 d /=  52, 2864010.752041676081717014312744140625 yrs
 d *=  52, 148928559.1061671674251556396484375000 wks
 d *=   7, 1042499913.743170142173767089843750000 day
 d *=  24, 25019997929.83608245849609375000000000 hrs
 d *=  60, 1501199875790.165039062500000000000000 min
 d *=  60, 90071992547409.90625000000000000000000 sec
 d *= 100, 9007199254740991.000000000000000000000 tic
end ------ 9007199254740991.000000000000000000000  " |

[ who knows, maybe we'll even convince openSUSE that ]
[ the original sledgehammer 'dif' should be dropped. ]

Reference(s):
. openSUSE equivalent: 'procps-ng-4.0.0-accuracy.dif'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-04-17 10:43:19 +10:00
Jim Warner
5edeabbd4a ps: that restored aix behavior gets its ultimate tweak
Now that this 'c' variable initial assignment has been
moved outside the looping code, there is no longer any
need to specifically check for space/comma when 'c' is
not '%'. So, let us eliminate those two lines of code.

[ i promise not to change this algorithm ever again! ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-04-17 10:43:19 +10:00
Jim Warner
4fbf8d22a9 ps: that restored aix behavior is now even more robust
With the commit referenced below a nasty bug affecting
aix parsing was swatted. Beyond the bug, the logic was
enhanced to disallow commas in the format string since
they would otherwise be shown with their field's data.

However, there remained many characters other than ','
that could survive the edits to then be shown adjacent
to the data. Well, with this patch they won't anymore!

[ along the way we will no longer try to forgive the ]
[ use of a double '%%' prefix since that resulted in ]
[ display of one '%' and field code instead of data. ]

Reference(s):
. March, 2022 - restored aix behavior
commit 8cb646bdfc6e37b221f9616df96c6c116e6def28

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-04-09 12:57:39 +10:00
Jim Warner
e914f4b068 ps: restore thread display when using a pidlist option
This commit will once again display threads when using
the -L option along with any of those pidlist options.

Reference(s):
https://gitlab.com/procps-ng/procps/-/issues/234

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-04-01 17:13:25 +11:00
Jim Warner
8cb646bdfc ps: restore aix behavior while keeping an original fix
The commit shown below broke the aix behavior that Dr.
Fink recently reported. However, in the proposed patch
the old behavior, showing garbage when '%cpu' was used
with an invalid formatting option, would appear again.

So this patch, based on Werner's patch, goes the extra
distance to prevent that. Along the way we'll disallow
commas in the aix format str to prevent their display.

Reference(s):
https://www.freelists.org/post/procps/Procpsng-400-released-with-newlib,2
. Mar, 2022 - where aix bug was introduced
commit 81df85a1b528d4edb9ab98b37fb6c6244430b6c4

Prototyped-by: Dr. Werner Fink <werner@suse.de>
Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-04-01 17:13:25 +11:00
Jim Warner
53917334d0 ps: plus for symmetry 'UTILIZATION_C' is newest format
This commit just complements a change referenced below
by providing the value which includes reaped children.

[ as an aside, it looks like ps only includes reaped ]
[ children values under an obscure BSD or GNU option ]

[ so, this change is possibly of even more relevance ]

Reference(s):
. Mar, 2022 - added %CUU
commit 2ac72e2e801e015532b555ae0f2272c8ecef2c8b

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-03-07 20:29:06 +11:00
Jim Warner
6490349e64 ps: enabled sort with 'utilization' related specifiers
When %CUU was added, in the commit referenced below, I
stated that 4 similar specifiers already existed. Well
I misspoke since there are actually 5 including 'util'.

Each of those fields had no sort capability. Since the
values are dynamically calculated, they were forced to
use 'PIDS_extra' as the format_array 'sr' designation.

Now each will use 'PIDS_UTILIZATION' and be sort-able.

[ yes, sometimes the calculated values could contain ]
[ reaped children while the sort field does not. but ]
[ such disparity depends on obscure bsd/gnu options. ]

Reference(s):
. Mar, 2022 - added %CUU
commit 2ac72e2e801e015532b555ae0f2272c8ecef2c8b

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-03-07 20:29:06 +11:00
Jim Warner
81df85a1b5 ps: swat insidious bug with the '%cpu' format specifier
Whoa, my head really hurts but this commit should help
with a speedy recovery hopefully, after it is applied.

If the '%cpu' field is used as a format specifier with
that 'o' option, you will encounter a SIGSEGV if there
is also an invalid argument on that same command line.

For example, try 'ps/pscommand -o %cpu,x' with newlib.
With any format specifier other than the '%cpu', there
is an error message, as would happen with '-o pcpu,x'.

For a 3.3.17 version of ps, there's no abend. Instead,
the program will just display a bunch of gobbledygook.
This boo-boo was found to exist as far back as v3.3.0.

[ ok, i am starting to feel very much better already ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-03-06 14:52:34 +11:00
Jim Warner
2ac72e2e80 ps: exploit the library addition for 'cpu utilization'
This just parallels the top program by adding that new
library PIDS_UTILIZATION item to the ps repertoire. It
should be noted, however, that the new %CUU field is a
little redundant. I mean, ps already has 4 such fields
implemented identified as: '%cpu', 'c', 'cp' & 'pcpu'.

Oh well, at least the newest one offers a little value
added in the form of extra precision. We'll follow the
top lead and display results in the form of: '##.###'.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-03-06 14:52:34 +11:00
Jim Warner
8f5a755d11 ps: response to those library changes for 'TIME' stuff
The library refactored 'TIME' items for consistency so
we must adapt to some new data types and calculations.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-02-27 21:27:02 +11:00
Jim Warner
e243721f22 doc: updated 3 man pages for 'LIBPROC_HIDE_KERNEL' var
This patch was prompted by Björn Fischer's merge #147
request referenced below. And since the library change
may impact all users, multiple man pages were updated.

[ and thanks to Björn for initiating this extension ]

Reference(s):
https://gitlab.com/procps-ng/procps/-/merge_requests/147

Prototyped-by: Björn Fischer <bf@CeBiTec.Uni-Bielefeld.DE>
Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-01-07 19:19:15 +11:00
Jim Warner
957b74292f ps,top: convert 'PIDS_PROCESSOR' into a signed integer
Not only does that library tweak help to simplify some
top code, but now that ps snprintf fmtstr will finally
be accurate. That is two birdies with a single pebble!

Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-12-16 20:50:07 +11:00
Craig Small
bcb837b8c7 First cut at subset=pid proc mount handling
The procfs mount option subset=pid only shows the processes, not things
such as /proc/stat etc.

For certain programs, this should mean they still work, but have reduced
functionality. This is the first cut at some of them.

pgrep - Removed always loading uptime which we never used anyway. The
program now works fine unless we use --older. Add note in man page
stating it will silently fail.

ps - Load boot time and memory total only when required instead of
always. Changed the error messages to something the user actually
cares about "can't get system boot time" vs "create a structure".
Works for most fields except starts and percent memory.

uptime - Give more useful error messages if uptime not available.

vmstat - move header generation after testing for required proc
files, makes the default output more consistent with the rest
of the options.

References:
 procps-ng/procps#227
 https://www.kernel.org/doc/html/latest/filesystems/proc.html#chapter-4-configuring-procfs
 6814ef2d99

Signed-off-by: Craig Small <csmall@dropbear.xyz>
2021-12-16 20:36:00 +11:00
Tommi Rantala
b6ccf865f8 ps: ignore SIGURG
Stop registering signal handler for SIGURG, to avoid ps failure if
someone sends such signal. Without the signal handler, SIGURG will
just be ignored.

  Signal 23 (URG) caught by ps (3.3.16).
  ps:ps/display.c:66: please report this bug

https://man7.org/linux/man-pages/man7/signal.7.html
https://www.freebsd.org/cgi/man.cgi?sektion=3&query=signal
2021-10-14 07:50:37 +11:00
Craig Small
fdab991bb2 docs: Fix comment for priority
Adjust the pri field for ps.1 because a higher pri field means a
higher priority.

References:
 procps-ng/procps#115
2021-09-15 21:36:40 +10:00
Jim Warner
6c426c995e ps: document new items for displaying autogroup values
Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-08-09 22:00:23 +10:00
Jim Warner
c5d1bdd083 ps: added 2 new fields for displaying autogroup values
Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-08-09 22:00:23 +10:00
Jim Warner
93c0a6cedf ps: eliminated an overlooked obsoleted <pids> API item
When several obsolete linux-2.6 fields were eliminated
and ps responded in the commit referenced below, there
was one reference overlooked. So, with this commit the
reference to PIDS_ALARM has been whacked at long last.

Reference(s):
. Sep 2016, ps response to removal
commit 86992bb58f59d617ee2bf20de4f2a185bf817dae

Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-08-09 22:00:23 +10:00
Jim Warner
bbebf29dd1 ps: adapt to the newly added library smaps_rollup item
In that commit referenced below, a new field was added
to the ps program which required adding 2 newlib items
together. Such a need is now satisfied by the library.

So, this commit will just adapt ps for that provision.

Reference(s):
commit e782b1d85989a9d27474264d4d65ffe1c485bdc9

Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-06-17 16:42:58 +10:00
Craig Small
e782b1d859 ps: Add PSS and USS fields
The library added smaps_rollup fields in the referenced commit.
This commit exploits the new fields to give pss and uss options.

These options were first proposed back in 2015 by Petr Malat
and, with the library update, they have finally made it into ps.

Why use proportional or unique segment size? It is argued that
these give a better idea of the "real" memory usage of a process.

References:
 commit 12543b6c7690c379abc28e278cd804c05490a8b1
 issue #112
 https://www.freelists.org/post/procps/PSS-and-USS-support-for-ps
 https://lwn.net/Articles/230975/

Signed-off-by: Craig Small <csmall@dropbear.xyz>
2021-06-16 21:13:52 +10:00
Craig Small
8baf8eeab4 ps: Add IO Accounting fields
Add the fields for the IO accounting to ps as the library now
has them added from previous commit.

References:
 commit a7afe06e6f1b397b7404fbee724a51f88cc8a59c
2021-04-24 23:13:38 +10:00
Craig Small
3dd1661a3d docs: psr ps field is last run processor
The ps.1 manpage incorrectly stated that psr field showed the
processor the process was assigned to. However if the assignment
has changed but the process has not run, then the field doesn't
change.

Some digging by @srikard showed it wasn't the processor assigned
but the last one it was run on. The man page now correctly
describes psr in that way.

References:
 procps-ng/procps#187
2021-03-29 22:11:27 +11:00
Jim Warner
2a3997e2f0 misc: needed adaptations for the changes in <pids> api
That snowball, which began as a simple removal of some
brackets, now ends with this third patch restoring the
ability to build our project. It was made necessary by
the renaming (and rearranging) of several enumerators.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-03-11 21:21:23 +11:00
Craig Small
9ddbc82000 ps: Add OOM and OOMADJ fields
top has had the OOMs and OOMa fields since 2011. Ten years on, it's
probably time that ps had these fields added too.

ps output options have oom and oomadj for OOM Score and OOM Adjustment
respectively.

References:
 procps-ng/procps#198
 commit 367fd902dab64b51ba49709004b5011440e3105a
 https://www.freelists.org/post/procps/PATCH-12-Add-missed-oom-support-to-libproc
2021-03-05 17:22:29 +11:00
Jim Warner
423297c9db all: make buildable again for new 'misc.h' header file
With the 4 header files removed in the previous patch,
this commit just changes all those obsolete references
to that new consolidated 'misc.h' header file instead.

Signed-off-by: Jim Warner <james.warner@comcast.net>
2021-01-21 17:30:25 +11:00
Jim Warner
91897e7d2c ps: extend utf8 multibyte support to additional fields
From its inception (back in May of 2011), escaped_copy
has always been a flawed function. It does not operate
on 'escaped' strings but instead treats all input as a
regular string incapable of containing utf8 sequences.

As such, it should only be used for strings guaranteed
to NOT embody multibyte characters (like SUPGIDS). For
all other strings, which could contain utf8 stuff, the
correct function should have been that escape_str guy.

So this commit changes nearly every escaped_copy call.

Reference(s):
. May 2011, original escaped_copy (cmdline, cgroup)
commit 7b0fc19e9d28380dc9790615b93bc3653d6d686e

Signed-off-by: Jim Warner <james.warner@comcast.net>
2020-12-29 08:48:23 +11:00
Craig Small
bed6074531 ps: Stop crash if using test fields
I'm not sure if anyone actually uses these things, but if you
selected test fields on the command line ps would crash.

$ ps/pscommand -o _left
Signal 11 (SEGV) caught by pscommand (3.3.11.877-0488).
/home/csmall/Projects/procps/procps/ps/.libs/pscommand:ps/display.c:66: please report this bug
Segmentation fault

Anyway, it doesn't now:
$ ps/pscommand -o pid,_left,_left2,_right,_unlimited 1
    PID LLLLLLLL L2L2L2L2 RRRRRRRRRRR U
      1 tty7     3270/tty4      59:59 [123456789-12345] <defunct>
2020-12-22 17:50:17 +11:00
Samanta Navarro
9b0c5dd00b misc: fix typos in manual pages
Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
2020-12-22 11:40:23 +11:00
Stephen Brennan
518547742b Set TZ to avoid repeated stat("/etc/localtime")
With glibc, each time the strftime() function is used (twice per process
in a typical ps -fe run), a stat("/etc/localtime") system call is used
to determine the timezone. Not only does this add extra system call
overhead, but when multiple ps processes are trying to access this
file (or multiple glibc programs using strftime) in parallel, this can
trigger significant lock contention within the OS kernel.

Since ps is not intended to run for long periods of time as a
daemon (during which the system timezone could be altered and PS might
reasonably be expected to adapt its output), there is no benefit to
repeatedly doing this stat(). To stop this behavior, explicitly set the
TZ variable to its default value (:/etc/localtime) whenever it is unset.
glibc will then cache the stat() result.
2020-12-22 11:09:44 +11:00
Craig Small
955aaaf732 ps: Match on truncated 16 char for -C
In the referenced commit the comm length was increased from 16 to 64
characters to handle the larger command names for things like kernel
threads.

However most user processes are limited to 15 characters which means
if you try something like ps -C myprogramisbiggerthansixteen this would
fail to match because /proc/<PID>/comm would only be myprogramisbigg

ps now checks the comm length and if it is 15 and if the given match
is 15 or more, it will only match the first 15 characters.

This is also how killall has worked for about a year.

Thanks to Jean Delvare <jdelvare@suse.de> for the note.

Copy of commit from master.

References:
 commit 14005a371e5c14289e96a4927ffd1a827d3c9d85
 commit psmisc/psmisc@1188315cd0
 commit 3e1c00d051ae4a8319df7714d0545b4b7aa81557

Signed-off-by: Craig Small <csmall@dropbear.xyz>
2020-09-24 22:19:11 +10:00
Jim Warner
605ea4a8f7 library: make that 'escape_str' private to our library
In that commit referenced below, a promise was made to
revisit an 'escape_str' function in efforts to make it
private to the library. The problem was it's needed by
both ps plus the library which is why it was exported.

So, in an effort to remove it from libprocps.sym, this
patch duplicates all the required code in ps/output.c.
Now, each version can be made private to their caller.

[ along the way we'll use this opportunity to remove ]
[ the 'restrict' qualifiers from function parameters ]
[ while swatting a compiler warning referenced below ]

Reference(s):
. April 2016, most escape functions made private
commit d916d5db86cbbf552401026aab15c3663412d662

proc/escape.c: In function `escape_command':
proc/escape.c:182:23: warning: initialization of `const char **' from incompatible pointer type `char **' [-Wincompatible-pointer-types]
  182 |     const char **lc = (char**)pp->cmdline;
      |                       ^

Signed-off-by: Jim Warner <james.warner@comcast.net>
2020-07-05 21:13:01 +10:00
Jim Warner
1aa8b16441 library: eliminated the questionable 'procps.h' header
There was a time when that procps.h file served a more
traditional role. Prior to the commit referenced below
it held just macros plus manifest constants. But, with
that change, such items were replaced with a series of
includes embracing all the library exported functions.

That approach was known to disguise errors which would
have otherwise yielded a compiler warning. And without
such a warning, there was no way to address the error.

So this patch will trade the all inclusive header file
approach for individual includes only where necessary.

Reference(s):
. April 2016, procps.h header file revamped
commit ccb6ae8de14b0cde25b84369ef995bcd69cbf7b6
. Sept 2018, top abandoned use of procps.h
commit a6dfc2382ed1e023dd345cdb1d2388c9b67bcc7f

Signed-off-by: Jim Warner <james.warner@comcast.net>
2020-07-05 21:13:01 +10:00
Craig Small
8b4228fe71 docs: some manpage fixes
Some editorial changes so the man pages follow the standards.

References:
 procps#173
2020-06-04 22:33:16 +10:00
Jim Warner
b8f757080a ps: eliminated inadvertent trailing double semi-colons
Signed-off-by: Jim Warner <james.warner@comcast.net>
2020-04-10 14:37:15 +10:00
Craig Small
b3f7bfede6 docs: Mention stime in ps.1
References:
 procps-ng/procps#164
2020-04-07 19:38:17 +10:00
Jim Warner
1f01bd9a9f ps: for abnormal end allow core dumps (fix qualys bug)
A Qualys audit patch, represented in the commit below,
added the _exit() call to our abnormal signal handler.
Unfortunately, that disabled the associated core dump.

This patch restores expected behavior of those signals
whose default produces a core dump file + termination.

Reference(s):
commit 7bd4f0b6d7e058197ccf4234f2a0bcc17550d0a6

Signed-off-by: Jim Warner <james.warner@comcast.net>
2020-01-06 09:11:20 +11:00
Jim Warner
3860f39b3e ps: increase command name length to 64 ____ (catch up)
Reference(s):
. original master branch commit, 5/19/18
commit 14005a371e5c14289e96a4927ffd1a827d3c9d85

Signed-off-by: Jim Warner <james.warner@comcast.net>
2019-09-22 07:32:03 +10:00
Jim Warner
30e27d48e9 misc: adapted programs impacted by header file changes
Signed-off-by: Jim Warner <james.warner@comcast.net>
2019-03-26 19:55:30 +11:00
Craig Small
76a2d4c0a1 docs: Update ps.1 to warn about command name length
Previous versions of ps used to only match on the first 15 characters
because that's what the kernel used to provide. Newer kernels have a
longer length for this field so procps has been updated to suit.

References:
 procps-ng/procps#101
 https://bugzilla.suse.com/show_bug.cgi?id=1099091
2018-08-13 20:53:56 +10:00
Jim Warner
6658492df6 ps: exploited that newly added field 'executable path'
Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-26 21:25:18 +10:00
Qualys Security Advisory
6cf89d5065 0067-ps/sortformat.c: Avoid "sep_loc + 1" when sep_loc is NULL.
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
f212e552d7 0066-ps/sortformat.c: Handle large width in aix_format_parse().
Unlikely to ever happen, since it would imply a very large string, but
better safe than sorry.

---------------------------- adapted for newlib branch
. now uses 'xmalloc' vs. unchecked stdlib 'malloc'
. the member 'need' was removed from 'format_node'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
281ac43e35 0065-ps/sortformat.c: Catch negative width in format_parse().
The existing strspn() check guarantees that the string contains no '-'
but atoi() does not catch errors, especially not integer overflows.
2018-06-09 21:45:38 +10:00
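
The gap described in commit 281ac43e35 above, as an added example (not code from procps or from the Qualys patch): a digits-only string passes the strspn() filter yet still comes out negative once narrowed to int, while a strtol()-based parser with errno and range checks rejects it. The names `naive_width`, `parse_width` and `EXAMPLE_MAX_WIDTH` are hypothetical, and `naive_width` models atoi() as a narrowing cast of the parsed value, which is how it commonly behaves although the C standard leaves the overflow case undefined.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for this example; not a procps constant. */
#define EXAMPLE_MAX_WIDTH 4096

/* Models the unchecked pattern: atoi() commonly behaves like a narrowing
 * cast of the parsed value. strtoll() keeps the result independent of the
 * width of long. */
int naive_width(const char *s)
{
    if (strspn(s, "0123456789") != strlen(s))
        return -1;                      /* the pre-existing digits-only check */
    return (int)strtoll(s, NULL, 10);   /* no error or range detection */
}

/* Returns a width in 1..EXAMPLE_MAX_WIDTH, or -1 for anything else. */
int parse_width(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    if (strspn(s, "0123456789") != strlen(s))
        return -1;                      /* no sign, whitespace or suffix */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                      /* overflowed long or trailing junk */
    if (v < 1 || v > EXAMPLE_MAX_WIDTH)
        return -1;                      /* fits in long but not a sane width */
    return (int)v;
}

int main(void)
{
    /* Constructed inputs: a normal width, then two digits-only overflows. */
    static const char *samples[] = { "20", "4294967286", "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s naive=%d checked=%d\n", samples[i],
               naive_width(samples[i]), parse_width(samples[i]));
    return 0;
}
```
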
Qualys Security Advisory
aad2b13690 0064-ps/sortformat.c: Double-check chars in verify_short_sort().
To avoid an out-of-bounds access at checkoff[tmp]. The strspn() at the
beginning of the function protects against it already, but double-check
this in case of some future change.
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
7bd4f0b6d7 0062-ps/display.c: Always exit from signal_handler().
Right now, "we _exit() anyway" is not always true: for example, the
default action for SIGURG is to ignore the signal, which means that
"kill(getpid(), signo);" does not terminate the process. Call _exit()
explicitly, in this case (rather than exit(), because the terminating
kill() calls do not call the functions registered with atexit() either).
2018-06-09 21:45:38 +10:00
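
An added example (not the ps source) of the handler discipline that commits 7bd4f0b6d7, 1f01bd9a9f, b6ccf865f8 and e9445a07cf on this page converge on: the handler uses only async-signal-safe calls (no stdio, no gettext, so it cannot block on a lock the interrupted code holds), re-raises with the default action so core dumps still happen, and falls back to _exit() when the default action does not terminate. SIGTERM, SIGHUP and SIGURG are deliberately left uncaught; all function names and the message text are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* Builds "Signal N caught\n" with plain loops only; returns its length,
 * or 0 if buf is too small. */
size_t format_signal_msg(char *buf, size_t cap, int signo)
{
    static const char head[] = "Signal ";
    static const char tail[] = " caught\n";
    char digits[12];
    size_t n = 0, d = 0, i;
    unsigned v = signo > 0 ? (unsigned)signo : 0u;

    do {
        digits[d++] = (char)('0' + v % 10);
        v /= 10;
    } while (v != 0);
    if (cap < (sizeof head - 1) + d + sizeof tail)   /* sizeof tail counts the NUL */
        return 0;
    for (i = 0; i < sizeof head - 1; i++) buf[n++] = head[i];
    while (d > 0) buf[n++] = digits[--d];
    for (i = 0; i < sizeof tail - 1; i++) buf[n++] = tail[i];
    buf[n] = '\0';
    return n;
}

static void fatal_handler(int signo)
{
    char msg[48];
    sigset_t one;
    size_t len = format_signal_msg(msg, sizeof msg, signo);

    if (len > 0 && write(STDERR_FILENO, msg, len) < 0) {
        /* nothing useful can be done about a failed write here */
    }
    /* Restore the default action and re-raise, so signals whose default is
     * "core dump + terminate" still produce a core file. */
    signal(signo, SIG_DFL);
    sigemptyset(&one);
    sigaddset(&one, signo);
    sigprocmask(SIG_UNBLOCK, &one, NULL);
    kill(getpid(), signo);
    /* Reached only when the default action did not end the process. */
    _exit(1);
}

/* Installs the handler for fault signals only; returns how many succeeded. */
int install_fatal_handlers(void)
{
    static const int fatal[] = { SIGSEGV, SIGBUS, SIGFPE, SIGILL, SIGABRT };
    struct sigaction sa;
    size_t i;
    int count = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fatal_handler;
    sigfillset(&sa.sa_mask);            /* no nested signals inside the handler */
    for (i = 0; i < sizeof fatal / sizeof fatal[0]; i++)
        if (sigaction(fatal[i], &sa, NULL) == 0)
            count++;
    return count;
}

/* Returns 1 if signo is currently routed to fatal_handler, else 0. */
int uses_fatal_handler(int signo)
{
    struct sigaction cur;

    if (sigaction(signo, NULL, &cur) != 0)
        return 0;
    return cur.sa_handler == fatal_handler;
}

int main(void)
{
    char msg[48];
    size_t len = format_signal_msg(msg, sizeof msg, SIGTERM);

    install_fatal_handlers();
    return (len > 0 && uses_fatal_handler(SIGSEGV)
                    && !uses_fatal_handler(SIGTERM)) ? 0 : 1;
}
```
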
Qualys Security Advisory
6f7d610621 0061-ps/output.c: Always null-terminate outbuf in show_one_proc().
Before "strlen(outbuf)", if one of the pr_*() functions forgot to do it.
This prevents an out-of-bounds read in strlen(), and an out-of-bounds
write in "outbuf[sz] = '\n'". Another solution would be to replace
strlen() with strnlen(), but this is not used anywhere else in the
code-base and may not exist in all libc's.

---------------------------- adapted for newlib branch
. adapted via 'patch' without rejections

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
c5bbe00770 0060-ps/output.c: Protect outbuf in various pr_*() functions.
pr_bsdstart(): Replace "strcpy(outbuf," with "snprintf(outbuf, COLWID,"
(which is used in all surrounding functions). (side note: the fact that
many pr_*() functions simply return "snprintf(outbuf, COLWID," justifies
the "amount" checks added to show_one_proc() by the "ps/output.c:
Replace strcpy() with snprintf() in show_one_proc()." patch)

pr_stime(): Check the return value of strftime() (in case of an error,
"the contents of the array are undefined").

help_pr_sig(): Handle the "len < 8" case, otherwise "sig+len-8" may
point outside the sig string.

pr_context(): Handle the empty string case, or else "outbuf[len-1]"
points outside outbuf.

---------------------------- adapted for newlib branch
. logic is quite different with 'stacks' vs. 'proc_t'

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00
Qualys Security Advisory
0bd44bc76e 0059-ps/output.c: Enforce a safe range for max_rightward.
Enforce a maximum max_rightward of OUTBUF_SIZE-1, because it is used in
constructs such as "snprintf(outbuf, max_rightward+1," (we could remove
the extra check at the beginning of forest_helper() now, but we decided
to leave it, as a precaution and reminder).

The minimum max_rightward check is not strictly needed, because it is
unsigned. However, we decided to add it anyway:

- most of the other variables are signed;

- make it visually clear that this case is properly handled;

- ideally, the minimum max_rightward should be 1, not 0 (to prevent
  integer overflows such as "max_rightward-1"), but this might change
  the behavior/output of ps, so we decided against it, for now.

Instead, we fixed the only function that overflows if max_rightward is
0. Also, enforce the same safe range for max_leftward, although it is
never used throughout the code-base.

---------------------------- adapted for newlib branch
. adapted via 'patch' without rejections

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:45:38 +10:00