procps/proc
Qualys Security Advisory 48d118b81b 0084-proc/readproc.c: Work around a design flaw in readeither().
readeither() caches (in new_p) a pointer to the proc_t of a task-group
leader, but readeither()'s callers can do pretty much anything with the
proc_t structure passed to and/or returned by this function. For
example, they can 1/ free it or 2/ recycle it (by passing it to
readeither() as x).

1/ leads to a use-after-free, and 2/ leads to unexpected behavior when
taskreader()/simple_readtask() is called with new_p equal to x (this is
not a theoretical flaw: 2/ happens in readproctab3() when want_task()
returns false and p is a group leader).

As a workaround, we keep a copy of new_p's first member (tid) in static
storage, and the next times we enter readeither() we check this "canary"
against the tid in new_p: if they differ, we reset new_p to NULL, which
forces the allocation of a new proc_t (the new "leader", or reference).

This always detects 2/ (because free_acquired(x,1) memsets x and hence
new_p); always detects 1/ if freed via free_acquired() and/or freeproc()
(very likely, otherwise memory may be leaked); probably detects 1/ even
if freed directly via free() (because the canary is the first member of
proc_t, likely to be overwritten by free()); but can not detect 1/ if
free() does not write to new_p's chunk at all.

Moreover, accessing new_p->tid to check the canary in case 1/ is itself
a use-after-free, so a better long-term solution should be implemented
at some point (we wanted to avoid intrusive and backward-incompatible
changes in this library function, hence this imperfect workaround).

---------------------------- adapted for newlib branch
. adapted via 'patch' (rejected due to 'xcalloc' ref)
. with loss of both readproctab functions, most no longer true

Signed-off-by: Jim Warner <james.warner@comcast.net>
2018-06-09 21:35:19 +10:00
..
.gitignore
COPYING
devname.c 0040-proc/devname.c: Never write more than "chop" (part 2). 2018-06-09 21:35:19 +10:00
devname.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
diskstats.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
diskstats.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
escape.c 0051-proc/escape.c: Prevent buffer overflows in escape_command(). 2018-06-09 21:35:19 +10:00
escape.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
libprocps.pc.in
libprocps.sym library: provide for validating result type references 2016-08-07 21:40:48 +10:00
meminfo.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
meminfo.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
namespace.c library: ensure 'namespace' types treated consistently 2017-01-04 08:29:44 +11:00
namespace.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
numa.c library: set stage for NUMA node field display support 2017-05-22 21:38:10 +10:00
numa.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
pids.c 0076-proc/readproc.c: Harden vectorize_this_str(). 2018-06-09 21:35:19 +10:00
pids.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
procps-private.h
procps.h library: provide for validating result type references 2016-08-07 21:40:48 +10:00
pwcache.c library: eliminate all dependencies on alloc.h/alloc.c 2017-12-20 21:18:53 +11:00
pwcache.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
readproc.c 0084-proc/readproc.c: Work around a design flaw in readeither(). 2018-06-09 21:35:19 +10:00
readproc.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
slabinfo.c 0042-proc/slab.h: Fix off-by-one overflow in sscanf(). 2018-06-09 21:35:19 +10:00
slabinfo.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
stat.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
stat.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
sysinfo.c library: eliminate all dependencies on alloc.h/alloc.c 2017-12-20 21:18:53 +11:00
sysinfo.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
test_namespace.c
test_pids.c related: change for lost 'PROCPS_' enumerator prefixes 2016-07-26 20:49:44 +10:00
test_sysinfo.c
test_uptime.c
test_version.c
uptime.c 0047-proc/whattime.c: Always initialize buf. 2018-06-09 21:35:19 +10:00
uptime.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
version.c
version.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
vmstat.c library: delete some obsolete parameter checking logic 2017-12-20 21:18:54 +11:00
vmstat.h library: replace the troublesome '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
wchan.c library: don't strip off prefixes from the wchan names 2016-12-07 22:07:00 +11:00
wchan.h library: eliminate inappropriate '__BEGIN_DECLS' macro 2018-05-06 07:19:38 +10:00
xtra-procps-debug.h library: strengthen the VAL macro validation functions 2016-08-08 22:01:37 +10:00