]> granicus.if.org Git - procps-ng/log
procps-ng
5 years agotop: update copyright notations & fix a man page error
Jim Warner [Sun, 13 Oct 2019 05:00:00 +0000 (00:00 -0500)]
top: update copyright notations & fix a man page error

Beyond the copyrights, the single oops in the man page
was introduced in the commit which is referenced below
dealing with some cleanup following that Qualys audit.

Reference(s):
. man page error introduced
commit e531c781401ab76ff0c1834c6e40d5c440bdb8e4

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agosnice: Fix matching on PID
Craig Small [Mon, 21 Oct 2019 21:14:35 +0000 (08:14 +1100)]
snice: Fix matching on PID

@MarsChan correctly pointed out that the read() always returns 128
bytes, so skipping on >= 128 will always mean we skip. Their suggestion
was to remove the equality, but read will never go past 128 bytes so
I just removed that part of the check.

References:
 procps-ng/procps!89

5 years agoMerge branch 'ylecuyer/procps-patch-1'
Craig Small [Sat, 21 Sep 2019 07:08:53 +0000 (17:08 +1000)]
Merge branch 'ylecuyer/procps-patch-1'

References:
  procps-ng/procps!86

5 years agotop: fix out-of-band read when using -p with exactly 20 pids
Yoann Lecuyer [Fri, 2 Aug 2019 22:19:57 +0000 (22:19 +0000)]
top: fix out-of-band read when using -p with exactly 20 pids

5 years agoMerge branch 'cbaenziger/procps-pgrep_more_than_4k'
Craig Small [Sat, 21 Sep 2019 06:43:50 +0000 (16:43 +1000)]
Merge branch 'cbaenziger/procps-pgrep_more_than_4k'

References:
 procps-ng/procps!85

5 years agotestsuite: pgrep: Provide test for matching a more than 4k command line; beware as...
Clay Baenziger [Sat, 3 Aug 2019 09:58:18 +0000 (05:58 -0400)]
testsuite: pgrep: Provide test for matching a more than 4k command line; beware as TCL does not seem to match on strings >4k

5 years agopgrep: Use POSIX _SC_ARG_MAX for maximum full command line length
Clay Baenziger [Sun, 28 Apr 2019 22:17:42 +0000 (18:17 -0400)]
pgrep: Use POSIX _SC_ARG_MAX for maximum full command line length

5 years agopidof: Fix separator option
Craig Small [Sat, 21 Sep 2019 06:17:05 +0000 (16:17 +1000)]
pidof: Fix separator option

Short separator option used 's' instead of 'S' which
meant it pidof would use the single-shot option when you
meant separator.

Added alias for -S using -d to give some sysvinit pidof
compatibility.

References:
    commit 73492b182dc60c1605d1b0d62de651fad97807af
    procps-ng/procps#141

5 years agowatch: fix unsetting of COLOR flag
Craig Small [Sat, 21 Sep 2019 06:03:28 +0000 (16:03 +1000)]
watch: fix unsetting of COLOR flag

watch used to check if COLOR was required, check if color was
possible then.. set the flag again.

It should have been cleared after failing to get colors out of
ncurses.

References:
 procps-ng/procps#143

5 years agosysctl: ignore errors from lines starting with -
Craig Small [Sat, 21 Sep 2019 05:50:53 +0000 (15:50 +1000)]
sysctl: ignore errors from lines starting with -

The systemd sysctl ignores errors from preload files that start
with a hyphen.  This change brings the procps sysctl into line with
their change.

References:
    procps-ng/procps#138
    https://github.com/systemd/systemd/pull/13191
    https://github.com/systemd/systemd/pull/13141

5 years agoNEWS: add a new item (top), fix one other item (pgrep)
Jim Warner [Fri, 16 Aug 2019 05:00:00 +0000 (00:00 -0500)]
NEWS: add a new item (top), fix one other item (pgrep)

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agotop: avoid a potential SEGV during program termination
Jim Warner [Tue, 6 Aug 2019 05:00:00 +0000 (00:00 -0500)]
top: avoid a potential SEGV during program termination

The backtrace shown in the bug report referenced below
illustrates a 'normal' program termination interrupted
with some signal, ultimately then causing a top crash.

So this commit just rearranges a little code such that
all signals will be blocked during that rather lengthy
end of program processing regardless of how initiated.

[ in that report, ignore the assertion regarding the ]
[ '-n' option. it obviously was not '1' since do_key ]
[ had been called, which otherwise wouldn't be true. ]

[ and when it is '1' the -d option would be ignored. ]

Reference(s):
https://bugzilla.redhat.com/show_bug.cgi?id=1737552

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agotop: tweak logic associated with keyboard translations
Jim Warner [Sat, 3 Aug 2019 05:00:00 +0000 (00:00 -0500)]
top: tweak logic associated with keyboard translations

This commit most significant change is the elimination
of the kbd_ENTER entry from that tinfo_tab in iokey().

That entry was a useless artifact left from the commit
which is shown below. It makes no sense to 'translate'
a keystroke into something it already was (i.e. '\n').

The remaining changes just reorder those table entries
for a progression consistent with vim keys: h,j,k & l.

Reference(s):
. fix 'iokey()' flaw preventing proper translations
commit 42f0a341ba5d3cbcd883bef538384ae705984bd9

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agotop: standardize PgUp/PgDn management within task area
Jim Warner [Sat, 29 Jun 2019 05:00:00 +0000 (00:00 -0500)]
top: standardize PgUp/PgDn management within task area

This commit standardizes the behavior of the PgUp/PgDn
keys when on the main top display. With PgDn, the last
process will become the first process. With PgUp, that
first task will now appear as the last task displayed.

[ this also eliminates some quirks that were evident ]
[ when paging at or near the end of the process list ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agotop: attempt to provide missing xterm vim keys support
Jim Warner [Mon, 24 Jun 2019 05:00:00 +0000 (00:00 -0500)]
top: attempt to provide missing xterm vim keys support

A recent issue (and merge request) reminded me of gaps
in top's alternate 'vim' navigation keys support. Some
xterm emulators do not pass the customary strings when
keys were used with the <Ctrl> and/or <Alt> modifiers.

While it was a known problem, this issue/merge request
prompted research into the root cause. As it turns out
the problem is traceable to an X resource known by the
name 'eightBitInput'. When 'true' (the default), a key
pressed in combination with <Alt> will not be preceded
by the <Esc> character. Rather, a single character was
presented (modified via an 'eightBitMeta' X resource).

The following approaches would eliminate this problem:

. start xterm thus: xterm -xrm '*eightBitInput: false'

. use: ~/.Xresources with 'Xterm*eightBitInput: false'

. build xterm with 'configure --enable-meta-sends-esc'
( apparently used for CentOS, Fedora, openSUSE, etc. )

. enable xterm's menu via 'configure --enable-toolbar'
( so the user can set the 'Meta Sends Escape' option )

Of course, none of the above steps is desirable from a
user's perspective. So, this patch will add additional
entries to the iokey function's tinfo_tab to represent
strings passed when the <Alt> key does not send <Esc>.

[ hopefully they'll be the same across all platforms ]

Lastly, this patch will also eliminate those redundant
<Atl> + '\', '/', '<' & '>' provisions, which now seem
like overkill and suffer from that same 'eightBitMeta'
xterm problem. And we might as well say goodbye to the
4 '<Alt> + arrow key' table entries (which do not seem
to currently work with any emulator which I can find).

[ what in the world was I thinking way back in 2011? ]

Reference(s):
. issue
https://gitlab.com/procps-ng/procps/issues/135
. merge request
https://gitlab.com/procps-ng/procps/merge_requests/84

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agolibrary: tweak that lxc container support a final time
Jim Warner [Wed, 13 Feb 2019 06:00:00 +0000 (00:00 -0600)]
library: tweak that lxc container support a final time

Since the patch referenced below traded a compile-time
'sizeof' directive for a run-time 'strlen' call, there
is no need to declare lxc patterns as explicit arrays.

We'll also use the actual lxc patterns by omitting the
beginning slashes ('/') for both of those definitions.

And, looking to the future when most/all lxc users are
using the most recent lxc release, we will make things
slightly more efficient by reversing those two pattern
literals so the most recent pattern was checked first.

Of course, such a change only benefits tasks which are
running in a container. For the majority of processes,
both literals will be compared in that 'if' statement,
assuming the 'LXC' field is currently being displayed.

[ plus, a leftover parenthesis pair has been removed ]

Reference(s):
commit f67127e7288879d54448ffbb63c7319835c02e91

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agotop: just correct a couple of misspellings in comments
Jim Warner [Fri, 1 Feb 2019 06:00:00 +0000 (00:00 -0600)]
top: just correct a couple of misspellings in comments

Signed-off-by: Jim Warner <james.warner@comcast.net>
5 years agomisc: update for pgrep runstate
Craig Small [Mon, 4 Mar 2019 20:59:48 +0000 (07:59 +1100)]
misc: update for pgrep runstate

Added some minor fixes and notes

5 years agoMerge branch 'edneville/procps-issue_109_match_state'
Craig Small [Mon, 4 Mar 2019 20:55:01 +0000 (07:55 +1100)]
Merge branch 'edneville/procps-issue_109_match_state'

References:
 https://bugs.debian.org/919381
 procps-ng/procps!81

5 years agopgrep.c: Match based on process run state for issue 109
ed [Thu, 3 Jan 2019 22:34:14 +0000 (22:34 +0000)]
pgrep.c: Match based on process run state for issue 109

5 years agoMerge branch 'pks-t/procps-pks/sysctl-handle-close-errors'
Craig Small [Mon, 4 Mar 2019 10:46:18 +0000 (21:46 +1100)]
Merge branch 'pks-t/procps-pks/sysctl-handle-close-errors'

References:
 procps-ng/procps!65

5 years agosysctl: do not report set key in case `close_stream` fails
Patrick Steinhardt [Tue, 29 May 2018 11:29:03 +0000 (13:29 +0200)]
sysctl: do not report set key in case `close_stream` fails

As we're using buffered I/O when writing kernel parameters, write errors
may get delayed until we close the `FILE` stream. As we are currently
outputting the key that is to be set disregarding the return value of
`close_stream`, we may end up in a situation where we report error and
success:

    $ sysctl kernel.printk_ratelimit=100000000000000
    sysctl: setting key "kernel.printk_ratelimit": error code 22
    kernel.printk_ratelimit = 100000000000000

Fix the issue by only outputting the updated value in case
`close_stream` does not report an error.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
5 years agoprocio: fix potential out-of-bounds access when write fails
Patrick Steinhardt [Tue, 29 May 2018 11:20:00 +0000 (13:20 +0200)]
procio: fix potential out-of-bounds access when write fails

When writing to procfs via `proc_write` fails, we try to chunk the
buffer into smaller pieces to work around that issue. When searching for
the next location to split the buffer, though, we can underflow the
buffer in case the current offset is smaller than `LINELEN`. Fix the
issue by passing `cookie->offset` instead of `LINELEN` into `memrchr` in
case `cookie->offset` is smaller than `LINELEN`.

This bug can be triggered on musl-based systems, e.g. by executing

    $ sysctl kernel.printk_ratelimit=1000000000000000

As the value is out-of-range, `write` will return an error and set
`errno` to `EINVAL`. As we're only trying to write a smallish buffer
with a length smaller than `LINELEN` and as the buffer does not contain
any newlines, the call

    token = (char*)memrchr(cookie->buf+offset, '\n', LINELEN);

will underflow the buffer and crash the program.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
5 years agoprocio: use the user-supplied delimiter to split large input
Patrick Steinhardt [Fri, 8 Jun 2018 11:27:20 +0000 (13:27 +0200)]
procio: use the user-supplied delimiter to split large input

The `fprocopen` function allows users to specify a delimiter chacter
that is used to split very large input lines into smaller chunks. While
the code checks that the caller did actually supply the delimiter, it is
in fact never used to split the string. Instead, the hardcoded default
character ',' is always used to split the string.

Fix the issue by using `cookie->delim` instead.

5 years agodocs: fix "delimeter" typo in fprocopen man page
Patrick Steinhardt [Fri, 8 Jun 2018 11:26:46 +0000 (13:26 +0200)]
docs: fix "delimeter" typo in fprocopen man page

5 years agotop: improve logic surrounding 'smp_num_cpus' variable
Jim Warner [Fri, 11 Jan 2019 06:00:00 +0000 (00:00 -0600)]
top: improve logic surrounding 'smp_num_cpus' variable

I thank Guido Jäkel for raising the issue cited in the
merge request referenced below. While restoring 1 line
of code would produce the desired results, it does not
address the root cause of that problem he experienced.

The variable 'smp_num_cpus' was set by libprocps via a
sysconf(_SC_NPROCESSORS_ONLN) call. It was supposed to
represent total number of processors currently online.
It also served as the position in the Cpu_tics[] array
where the /proc/stat line #1 (cpu summary) was stored.

The variable 'Cpu_faux_tot' was valued by top based on
total individual cpus parsed from the /proc/stat file.
It serves as a fence post for Cpu_tics[] array access.

The problem Guido experienced results from a disparity
between those 2 variables, plus one instance where the
wrong variable was used in the summary_show() routine.

. Here is the real culprit, the actual incorrect code:
. summary_hlp(&Cpu_tics[Cpu_faux_tot], N_txt(WORD_a...

Which always should have been represented in this way:
. summary_hlp(&Cpu_tics[smp_num_cpus], N_txt(WORD_a...

------------------------------------------------------
The above 'disparity' might arise in any system when a
cpu is taken offline since there's a 3 second delay in
cpu and memory refreshes in an effort to reduce costs.
Usually this particular condition will be short lived.

However, there is a more persistent problem under lxc.

If a host cpu is taken offline and then brought online
again, within the container sysconf returns the proper
number of online processors. But, /proc/stat does not!
Sadly, I've yet to find a way to coax a container into
refreshing its /proc/stat, short of reboting the host.

[ might that represent a potential bug in lxc logic? ]

Reference(s):
https://gitlab.com/procps-ng/procps/merge_requests/82

Signed-off-by: Jim Warner <james.warner@comcast.net>
With-thanks-to: Guido Jäkel <G.Jaekel@DNB.DE>
5 years agolibrary: adapt readproc for the latest lxc conventions
Jim Warner [Thu, 10 Jan 2019 06:00:00 +0000 (00:00 -0600)]
library: adapt readproc for the latest lxc conventions

The merge request shown below prompted (thankfully) an
examination of our lxc containers logic in readproc.c.

As it turns out, the lxc folks changed that eyecatcher
used to identify containers within a task cgroup file.

So this patch, with little extra cost, will enable the
libprocps lxc_containers() guy to handle both strings.

[ additionally, I was shocked to find lxc allows the ]
[ eyecatcher to be changed at ./configure time. such ]
[ a provision has always existed. unfortunately, the ]
[ changed value was only available to root, assuming ]
[ one wished to tackle that undocumented liblxc api. ]

Reference(s):
. what prompted lxc support reevaluation
https://gitlab.com/procps-ng/procps/merge_requests/82
. original lxc support introduced
commit 0557504f9cb84987f9d9038755404be017bdb7d1

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: harden management of 'Hide_pid' array allocations
Jim Warner [Mon, 8 Oct 2018 05:00:00 +0000 (00:00 -0500)]
top: harden management of 'Hide_pid' array allocations

While setting the size of that Hide_pid array to equal
total pids high water mark was probably safe, in truth
there is no real relationship. At some point one could
exceed that HWM if the 'v' toggle was used extensively
and at least 1 of those entries remained non-negative.

This commit simply divorces Hide_tot from the pids HWM
and bases Hide_pid array size on actual run-time need.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: enable alternate '+' placement with collapsed pid
Jim Warner [Mon, 1 Oct 2018 05:00:00 +0000 (00:00 -0500)]
top: enable alternate '+' placement with collapsed pid

Currently, except for tasks that have no parents, when
a process' children are collapsed the '+' indicator is
shown in the first position within that COMMAND field.

This commit simply provides for indenting the '+' char
so it displays next to that program name/command line.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: plug a minor hole in the vertical scrolling logic
Jim Warner [Tue, 18 Sep 2018 05:00:00 +0000 (00:00 -0500)]
top: plug a minor hole in the vertical scrolling logic

In that commit referenced below, a few edge cases were
addressed regarding vertical positioning involving any
'hidden' tasks. But, 2 additional edge cases remained.

In a running top, if the user employed 'other filters'
(o/O) or 'user filters' (u/U) proper vertical position
was not ensured. And, while this could be easily fixed
by striking the home/end or up/down arrow keys, it was
very poor etiquette to shift this burden to the users.

So, this patch plugs that gap, automating the process.

Reference(s):
commit c6e68e2fedc21b2537066433d1b50a60e06774eb

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: a tweak to the forest view collapsed code (again)
Jim Warner [Tue, 21 Aug 2018 05:00:00 +0000 (00:00 -0500)]
top: a tweak to the forest view collapsed code (again)

From the outset, top has tried to provide some minimal
garbage collection in support of forest view collapse.
For example, with every 'v' keystroke, a check is made
of the currently targeted pids.  If all were negative,
which means expanded, that Hide_pid array was emptied.

Recently, yet another efficiency was added wherein the
continuing scan for a targeted pid was terminated when
a match was found. But, one more inefficiency existed.

When a task which was subject to collapse under forest
view mode has disappeared (ended), repeatedly scanning
for such a pid with each iteration makes little sense.

So this commit will negate such targeted pids and thus
avoid scanning every current task looking for a match.
Then, if 'v' is ever stuck at some point in the future
there will be a chance to empty that Hide_pid[] array.

[ hopefully this will be a final tweak of the forest ]
[ view collapse stuff, but cross your fingers anyway ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: the '#define PRETEND2_5_X' was found to be broken
Jim Warner [Tue, 14 Aug 2018 05:00:00 +0000 (00:00 -0500)]
top: the '#define PRETEND2_5_X' was found to be broken

Our newlib branch has already dropped support for such
old kernels. However, the master branch still supports
them. So this patch will correct a broken #define that
is used to influence the top Summary Area information.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: the '#define SCROLLVAR_NO' is bent but not broken
Jim Warner [Tue, 14 Aug 2018 05:00:00 +0000 (00:00 -0500)]
top: the '#define SCROLLVAR_NO' is bent but not broken

This patch simply avoids an 'unused' variable warning.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: speed up the collapsed children forest view logic
Jim Warner [Thu, 9 Aug 2018 05:00:00 +0000 (00:00 -0500)]
top: speed up the collapsed children forest view logic

In forest view mode, once a collapsible parent process
and all of its children (if any) have been identified,
there is no longer a need to scan the remaining tasks.

So this patch will just force a new scan for any other
'Hide_pid' entries which might remain to be identified
after a targeted parent has been completely processed.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: miscellaneous accumulated tweaks to code/comments
Jim Warner [Wed, 8 Aug 2018 05:00:00 +0000 (00:00 -0500)]
top: miscellaneous accumulated tweaks to code/comments

This patch includes the following miscellaneous stuff:

. ensure 1 space before any '*' ptr sizeof() reference

. explain the rather cryptic 'ioa' guy a little better

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agodocs: Update ps.1 to warn about command name length
Craig Small [Wed, 8 Aug 2018 10:13:58 +0000 (20:13 +1000)]
docs: Update ps.1 to warn about command name length

Previous versions of ps used to only match on the first 15 characters
because that's what the kernel used to provide. Newer kernels have a
longer length for this field so procps has been updated to suit.

References:
 procps-ng/procps#101
 https://bugzilla.suse.com/show_bug.cgi?id=1099091

6 years agoMerge branch 'jrybar/procps-file2strvec-segfault-sanity'
Craig Small [Wed, 8 Aug 2018 10:00:33 +0000 (20:00 +1000)]
Merge branch 'jrybar/procps-file2strvec-segfault-sanity'

References:
 procps-ng/procps!71

6 years agoPossible segfault in file2strvec introduced by latest CVE fix
Jan Rybar [Mon, 23 Jul 2018 12:44:52 +0000 (14:44 +0200)]
Possible segfault in file2strvec introduced by latest CVE fix

'rbuf' used before allocated.
Revealed by static analysis

6 years agoMerge branch 'simonis/procps-master'
Craig Small [Wed, 8 Aug 2018 09:55:26 +0000 (19:55 +1000)]
Merge branch 'simonis/procps-master'

References:
 procps-ng/procps!70
 procps-ng/procps#105

6 years agoBuild fails if not done from the source root directory (#105)
simonis [Tue, 17 Jul 2018 14:11:49 +0000 (16:11 +0200)]
Build fails if not done from the source root directory (#105)

6 years agotop: existing 'Inspect' pipe feature now more flexible
Jim Warner [Wed, 25 Jul 2018 05:00:00 +0000 (00:00 -0500)]
top: existing 'Inspect' pipe feature now more flexible

Currently, it isn't possible to establish an 'Inspect'
pipe that relies on SIGINT to end. That's because this
signal will also end the parent process (top) as well.

So this patch will temporarily ignore that signal when
processing any 'Inspect' pipe, allowing one like this:

. pipe ^I Trace Calls ^I /usr/bin/strace -r -p %d 2>&1

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: avoid unrecognized 'Inspect' entries memory leaks
Jim Warner [Sat, 21 Jul 2018 05:00:00 +0000 (00:00 -0500)]
top: avoid unrecognized 'Inspect' entries memory leaks

Upon startup there exists the potential for some minor
memory leakage should some rcfile 'Inspect' entries be
invalid. By delaying any malloc/strdup until after the
entries are completely validated we will prevent that.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: ensure collapsed children cpu reported accurately
Jim Warner [Wed, 18 Jul 2018 05:00:00 +0000 (00:00 -0500)]
top: ensure collapsed children cpu reported accurately

Parent tasks with collapsed children should have their
cpu reflect any unseen tasks only under the following:

1) When built without TREE_VCPUOFF having been defined

2) Exclusively when 'Show_FOREST' display mode was set

3) And only under the current window when in alternate
display mode (except if TREE_VWINALL has been defined)

So, this commit just ensures these objectives are met.

Reference(s):
. issue that began odyssey
https://gitlab.com/procps-ng/procps/issues/99
. original cpu implementation
commit 3da7318683d2fea10526384e0a4368a378b486a5

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: fix the collapsed children cpu segmentation fault
Jim Warner [Tue, 17 Jul 2018 05:00:00 +0000 (00:00 -0500)]
top: fix the collapsed children cpu segmentation fault

While that 'Hide_cpu' value will always be zero unless
there are collapsed children, the damn array will only
be present when a window's in 'Show_FOREST' view mode.

Reference(s):
https://www.freelists.org/post/procps/important-improvements-to-top,8

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: '^V' is now 'v' (collapse/expand children toggle)
Jim Warner [Tue, 10 Jul 2018 05:00:00 +0000 (00:00 -0500)]
top: '^V' is now 'v' (collapse/expand children toggle)

Using Ctrl-V for the collapse children key now appears
as a mistake. First, it's too close to that Ctrl-C key
which would prematurely terminate top. Second, a lower
case 'v' was unused and perfectly compliments an upper
case 'V' which is used to toggle 'forest view' itself.

Reference(s):
https://gitlab.com/procps-ng/procps/issues/99

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: some minor renaming, reformatting and rearranging
Jim Warner [Wed, 4 Jul 2018 05:00:00 +0000 (00:00 -0500)]
top: some minor renaming, reformatting and rearranging

This commit just addresses these miscellaneous issues:
. always use 'p' for pointers to that proc_t structure
. always match order of local #undef to parent #define
. forest_create use of array index made more efficient

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: parent total cpu includes collapsed children, doc
Jim Warner [Mon, 25 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: parent total cpu includes collapsed children, doc

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: parent total cpu includes collapsed children, pgm
Jim Warner [Mon, 25 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: parent total cpu includes collapsed children, pgm

Now, when a parent's children have been collapsed, the
cpu used by those unseen tasks will disappear no more.
Instead such tics will be added to the parent's total.

[ if one wished a return to the 'land of lost tics', ]
[ the '#define TREE_VCPUOFF' directive is available. ]

------------------------------------------------------
Note: With collapsible parents now displaying children
cpu usage, it will eventually be noticed the cpu stats
for the summary area and task areas often vary widely.

It's worth a reminder that for top's summary area each
individual cpu and the cpu summary is limited to 100%,
regardless of how many tics a linux kernel may export.

An individual task is limited to 100% times the number
of threads. But, in no case will cpu usage ever exceed
100% times total number of processors. Such limits are
further reduced under 'Solaris' mode ('I' toggle off).
In this mode, a task cpu usage will never exceed 100%.
These limits will now also apply to collapsed parents.

In addition to those influences, results are subjected
to kernel timer sampling anomalies and the distortions
inherent in a small sample size, made worse by smaller
delay intervals. Often there is just 1 or 2 tics for a
few tasks at smaller intervals such as: 1/10th second.

Anyway, should questions on this subject arise, a good
starting point, beyond the reminders above, is the 1st
link listed below. Those other links were derivatives.

Reference(s):
. from the kernel documentation
https://www.kernel.org/doc/Documentation/cpu-load.txt
. as mentioned in the above kernel documentation
https://lkml.org/lkml/2007/2/12/6
. from above, with many more links on the subject
https://www.boblycat.org/~malc/apc/

Signed-off-by: Jim Warner <james.warner@comcast.net>
top: parent total cpu includes collapsed children, pgm

6 years agotop: a refactor to prepare for including collapsed cpu
Jim Warner [Sun, 24 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: a refactor to prepare for including collapsed cpu

So that the impact (minimal) of the next commit can be
isolated, this commit just involves a little renaming,
reformat plus a refactor of some proc_t pointer logic.

[ renaming, relocation and changes to 'user_matched' ]
[ wasn't strictly necessary, but now mirrors newlib. ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: a few tweaks for those scrolling (mostly) changes
Jim Warner [Sat, 23 Jun 2018 17:00:00 +0000 (12:00 -0500)]
top: a few tweaks for those scrolling (mostly) changes

This patch just addresses some edge cases with respect
to 'unseen' tasks. Given the ability to preserve other
filters in the rcfile, it's entirely possible the very
first task(s) may not be visible at top startup. Also,
when switching between windows ('a'/'w') we should try
to always position its row #1 on some visible process.

Lastly, a window might have *NO* visible tasks at all.
Therefore, protect 'window_hlp' from an infinite loop.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agomisc: Remove build badge
Craig Small [Sat, 23 Jun 2018 12:51:12 +0000 (22:51 +1000)]
misc: Remove build badge

GitLab now has a separate spot for build status badges outside the
README.

References:
 procps-ng/procps#95

Signed-off-by: Craig Small <csmall@enc.com.au>
6 years agoFix error in vmstat documentation.
Robert Bowmaker [Sat, 23 Jun 2018 08:07:47 +0000 (08:07 +0000)]
Fix error in vmstat documentation.

Inspection of vmstat.c and experimentation with the binary itself
both confirm that the units of the swap (si/so) fields are
controlled by the --unit option.

References:
 procps-ng/procps!69
 procps-ng/procps#100

Signed-off-by: Craig Small <csmall@enc.com.au>
6 years agotop: normalize vertical scrolling for hidden processes
Jim Warner [Wed, 20 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: normalize vertical scrolling for hidden processes

To my knowledge, nobody has ever complained about some
anomalies when scrolling vertically if tasks should be
hidden from view. This can happen with the user filter
('u/U') or other filter ('o/O') features. And although
some tasks are not shown, they still impact scrolling.

This is most apparent when that scroll coordinates msg
is on ('C') & up/down arrow keys used (vs. pgup/pgdn).

Now that we can collapse/expand forked children, there
is a potential for yet more of those hidden processes.

So this commit normalizes vertical scrolling providing
an expected behavior. In other words, the up/down keys
skip the unseen tasks to reposition on a visible task.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: refactor the 'scroll coordinates' message support
Jim Warner [Wed, 20 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: refactor the 'scroll coordinates' message support

This patch is simply preparation for upcoming vertical
scrolling enhancements. With those changes, it will be
impossible to predict what the beginning task position
should be at the time the message is currently issued.

This patch will allow such a message to be shown after
the individual windows' tasks have all been displayed.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: allow collapsible forest view children, documents
Jim Warner [Tue, 19 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: allow collapsible forest view children, documents

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: allow collapsible forest view children, pgm logic
Jim Warner [Tue, 19 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: allow collapsible forest view children, pgm logic

The issue cited below really dealt with preserving the
'Other filter' criteria in the rcfile. But as an aside
the htop 'F6' feature (collapsed children) was raised.

I took that as an implied challenge and decided to try
implementing a similar feature in top. So, this commit
will now provide a brand new forest view toggle ('^V')
which will be used to collapse/expand forked children.

[ this patch will also lead to additional patches in ]
[ support of more rational vertical scrolling, since ]
[ many more tasks might now be hidden in some window ]

Reference(s):
. where this secondary issue was raised
https://gitlab.com/procps-ng/procps/issues/99

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: to prepare for collapse, move forest view support
Jim Warner [Tue, 19 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: to prepare for collapse, move forest view support

In anticipation of a new collapsible child feature, we
will have to make some forest view variables available
to that 'keys_task()' function. This commit just moves
the forest view logic ahead of tertiary input support.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: 'other filters' saved with config file, documents
Jim Warner [Sun, 17 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: 'other filters' saved with config file, documents

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: 'other filters' saved with config file, pgm logic
Jim Warner [Sun, 17 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: 'other filters' saved with config file, pgm logic

Well, after the rearranging and refactoring, all those
active 'other filter' entries for each window will now
be preserved in the user's configuration file via 'W'.

For raising the issue below, thanks to Marco Ippolito.

Reference(s):
https://gitlab.com/procps-ng/procps/issues/99

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: refactored some more peripheral 'inspect' support
Jim Warner [Sun, 17 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: refactored some more peripheral 'inspect' support

These modifications are being made now in anticipation
of some coming 'other filter' config file changes. Our
entries must be written last to the rc file since that
is where the users have been told to 'echo' additions.

Therefore, that 'config_insp' function must be adapted
to anticipate a passed buffer that was already primed.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: refactored some of that 'other filtering' support
Jim Warner [Sun, 17 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: refactored some of that 'other filtering' support

If we are to support preserving 'other filter' entries
in the rcfile, then the current logic setting up those
osel entries for a WIN_t must be shareable for startup
and when interacting with a user. So, this commit just
repositions this current code in a shareable function.

[ along the way, we give the prior guy a proper name ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: reposition some of that 'other filtering' support
Jim Warner [Sun, 17 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: reposition some of that 'other filtering' support

When we get around to saving that 'Other Filter' stuff
in the rcfile, we'll need access to the Fieldstab plus
the justify_pad() function. So this commit repositions
two 'osel' functions in anticipation of adding 1 more.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: refactor some of that configuration files support
Jim Warner [Sun, 17 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: refactor some of that configuration files support

The 'config_file()' function was getting a little long
in the tooth, so this commit simply renames/rearranges
some stuff anticipating 'other filters' in the rcfile.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: let's honor <Esc> key on color mapping screen too
Jim Warner [Wed, 13 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: let's honor <Esc> key on color mapping screen too

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: make rcfile duplicate fields check more efficient
Jim Warner [Tue, 12 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: make rcfile duplicate fields check more efficient

Jeeze, there was no need to employ *both* strchr() and
strrchr() when ensuring fields hadn't been duplicated.

So let's avoid one of those function calls completely.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: a tweak to the recent 256-color termninal support
Jim Warner [Thu, 7 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: a tweak to the recent 256-color termninal support

We now use the actual terminfo 'max_colors' value with
the 'color mapping' screen, not that hard coded '256'.

Reference(s):
https://gitlab.com/procps-ng/procps/issues/96
. introduced 256 color support
commit cf057d2fe50c1c7e0e2c11f4e03e0be3ac2f9457

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: treat all of those vertical scroll keys uniformly
Jim Warner [Wed, 6 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: treat all of those vertical scroll keys uniformly

When not displaying all tasks (the 'i' toggle is off),
the concept of vertical scrolling has no real meaning.

However, only 2 keys (up/down) impacting that vertical
position were currently being disabled with this mode.

This patch will extend such treatment to the following
additional vertical impact keys: pgup,pgdn,home & end.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: force return to row 1 for thread mode transitions
Jim Warner [Wed, 6 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: force return to row 1 for thread mode transitions

This program does a good job of policing that vertical
scrolled position, ensuring that total tasks are never
exceeded. However, during transitions from thread mode
to normal task mode (the 'H' toggle) that wasn't true.

And while there was no real harm done, it did make the
use of up/down arrow keys "appear" disabled especially
if that scroll message was not displayed ('C' toggle).

This patch simply forces a return to row #1 whenever a
user toggles that display between thread & task modes.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: fix 'iokey()' flaw preventing proper translations
Jim Warner [Wed, 6 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: fix 'iokey()' flaw preventing proper translations

As it turns out, the very first entry in the 'iokey()'
tinfo_tab was preventing the proper translation of the
simulated PgUp/PgDn keys (ctrl+meta+k/j). Ignoring the
tortured history behind the most recent change to that
entry, this patch restores the previous value and once
again properly translates these particular keystrokes.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agovmstat: Prevent out-of-bounds writes in new_header() and diskheader().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
vmstat: Prevent out-of-bounds writes in new_header() and diskheader().

This does not happen with the default string (" -----timestamp-----"),
but this string is translated (to unknown lengths).

6 years agovmstat: Check return values of localtime() and strftime().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
vmstat: Check return values of localtime() and strftime().

Otherwise it leads to NULL-pointer dereferences (in case of localtime()
errors) and indeterminate contents of timebuf (in case of strftime()
errors).

6 years agovmstat: Replace memcmp() with strncmp().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
vmstat: Replace memcmp() with strncmp().

Otherwise this may read out-of-bounds (there is no guarantee that 5
bytes are actually available at partition/optarg).

6 years agovmstat: getopt*() returns -1 when done, not EOF.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
vmstat: getopt*() returns -1 when done, not EOF.

Luckily, EOF is usually -1, but this is not guaranteed by the standard.

6 years agow: Clamp maxcmd to the MIN/MAX_CMD_WIDTH range.
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
w: Clamp maxcmd to the MIN/MAX_CMD_WIDTH range.

The current checks allow out-of-range values (for example, if
getenv/atoi returns ~-2GB, maxcmd becomes ~+2GB after the subtraction).
This is not a security problem, none of this is under an attacker's
control.

6 years agow: Prevent out-of-bounds reads in print_display_or_interface().
Qualys Security Advisory [Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)]
w: Prevent out-of-bounds reads in print_display_or_interface().

They occur if disp or tmp reaches host + len: add checks. Also, constify
everything.

6 years agomisc: Tell po4a to handle email macros
Craig Small [Thu, 7 Jun 2018 11:52:46 +0000 (21:52 +1000)]
misc: Tell po4a to handle email macros

References:
 https://www.freelists.org/post/procps/newlib-Qualys-patches

6 years agotop: provide the means to exploit a 256-color terminal
Jim Warner [Mon, 4 Jun 2018 05:00:00 +0000 (00:00 -0500)]
top: provide the means to exploit a 256-color terminal

With the Qualys security audit, we began to harden our
treatment of the top rcfile. In particular, the values
read were checked so as to prevent some malicious user
from editing it in order to achieve an evil objective.

However when it came to colors I was surprised to find
that at least one user edited the rcfile for 256-color
support. Unfortunately, our new checks prevented this.

So this commit will provide the means to exploit those
extra colors with no need to manually edit the rcfile.

Reference(s):
https://gitlab.com/procps-ng/procps/issues/96

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agolibrary: tweak that change to 'supgrps_from_supgids()'
Jim Warner [Fri, 1 Jun 2018 05:00:00 +0000 (00:00 -0500)]
library: tweak that change to 'supgrps_from_supgids()'

It's good that those Qualys folks were looking over my
shoulder. They suggested a change to that commit shown
below. This improvement was obviously a better choice.

Reference(s):
. original change
commit f9a8009e27d47a61096ff7bf1de37a90f0f801e6

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agolibrary: avoid problems involving 'supgid' mishandling
Jim Warner [Wed, 30 May 2018 05:00:00 +0000 (00:00 -0500)]
library: avoid problems involving 'supgid' mishandling

Following that patch referenced below, the top SUPGRPS
field would produce a segmentation fault and ps SUPGRP
would often show "(null)". Such problems resulted from
some faulty logic in the status2proc() routine dealing
with 'Groups' (supgid) which served as a source field.

For many processes the original code produced an empty
string which prevented conversion to the expected "-".
Moreover, prior to release 3.3.15 such an empty string
will become 0 after strtol() which pwcache_get_group()
translates to 'root' yielding very misleading results.

So, now we'll check for empty '/proc/#/status/Groups:'
fields & consistently provide a "-" value for callers.

[ we'll also protect against future problems in that ]
[ new qualys logic by always ensuring valid 'supgrp' ]
[ pointers - logic which revealed our original flaw! ]

Reference(s):
. original qualys patch
0071-proc-readproc.c-Harden-supgrps_from_supgids.patch

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agodocs: Tidying of ps,kill and skill manpages
Bjarni Ingi Gislason [Thu, 31 May 2018 11:18:27 +0000 (21:18 +1000)]
docs: Tidying of ps,kill and skill manpages

Some minor tidying of these three man pages using more of the modern
(ish) macros that have been around for a while.

References:
 https://bugs.debian.org/893452
 https://bugs.debian.org/893457
 https://bugs.debian.org/894480

Signed-off-by: Craig Small <csmall@enc.com.au>
6 years agodocs: use correct units in free.1
Craig Small [Thu, 31 May 2018 10:34:13 +0000 (20:34 +1000)]
docs: use correct units in free.1

The free manpage used the correct unit names (e.g. membibyte) but the
incorrect unit (e.g. M ) for the human-readable option.

References:
 https://bugs.debian.org/898774

Signed-off-by: Craig Small <csmall@enc.com.au>
6 years agotop: sanitized some potentially corrupt 'Inspect' data
Jim Warner [Fri, 25 May 2018 05:00:00 +0000 (00:00 -0500)]
top: sanitized some potentially corrupt 'Inspect' data

This guards against rcfile 'Inspect' entries which may
include non-printable characters. While this shouldn't
occur, we have no real control over those crazy users.

[ and, while such data can't be used maliciously, it ]
[ does adversely impact such a user's screen display ]

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: prevent buffer overruns in 'inspection_utility()'
Jim Warner [Thu, 24 May 2018 05:00:00 +0000 (00:00 -0500)]
top: prevent buffer overruns in 'inspection_utility()'

When a Qualys patch was reverted as being unwarranted,
1 specific problem their patch had, in fact, prevented
was re-introduced. This patch corrects that oversight.

Reference(s):
. qualys patch revert
commit c5026787156d23512487ad9bbf540be7e3ee8de1

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: add another field sanity check in 'config_file()'
Jim Warner [Wed, 23 May 2018 05:00:00 +0000 (00:00 -0500)]
top: add another field sanity check in 'config_file()'

Until the Qualys security audit I had never considered
it a possibility that some malicious person might edit
the top config file to achieve some nefarious results.

And while the Qualys approach tended to concentrate on
the symptoms from such an effort, subsequent revisions
more properly concentrated on startup and that rcfile.

This commit completes those efforts with 1 more field.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: don't mess with groff line length in man document
Jim Warner [Sun, 20 May 2018 05:00:00 +0000 (00:00 -0500)]
top: don't mess with groff line length in man document

I've long since forgotten why the attempt to influence
groff line lengths was made. However, I did receive an
email regarding problems formatting postscript output.

Hopefully this patch will eliminate any such problems.

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agomisc: add asc sign files to ignore
Craig Small [Thu, 31 May 2018 10:28:20 +0000 (20:28 +1000)]
misc: add asc sign files to ignore

6 years agolibrary: Bump API to 8:0:1 v3.3.15
Craig Small [Sat, 19 May 2018 21:35:37 +0000 (07:35 +1000)]
library: Bump API to 8:0:1

We had two structures change which means another API bump :/

6 years agomisc: Reorder NEWS
Craig Small [Sat, 19 May 2018 21:34:17 +0000 (07:34 +1000)]
misc: Reorder NEWS

6 years agops: Increase command selection field to 64
Craig Small [Sat, 19 May 2018 12:10:11 +0000 (22:10 +1000)]
ps: Increase command selection field to 64

The library now presents command names up to 64 characters, in line with
the kernel changes.  ps command name selection (the -C option) now also
is 64 characters long.

References:
 commit 2cfdbbe897f0d4e41460c7c2b92acfc5804652c8

6 years agotestsuite: Remove pgrep ?15 char test
Craig Small [Sat, 19 May 2018 11:50:21 +0000 (21:50 +1000)]
testsuite: Remove pgrep ?15 char test

The referenced commit removed the warning for using pgrep with over
15 characters. The check for this warning needs to also be removed.

References:
 commit c32ab58b942d6dc2d6b4d45114af2ba9572aaa50

6 years agotop: just respond to the increased command name length
Jim Warner [Sat, 19 May 2018 05:00:00 +0000 (00:00 -0500)]
top: just respond to the increased command name length

The command name for running tasks is displayed by top
in a variable length field, so the increase from 16 to
64 bytes was not a problem. However, there's one place
where top is sensitive to length - insp_view_choice().

So, this patch just bumps a buffer used to display it.

Reference(s):
. increased 'comm' length
commit 2cfdbbe897f0d4e41460c7c2b92acfc5804652c8

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: eliminate a couple of warnings of -Wunused-result
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: eliminate a couple of warnings of -Wunused-result

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: ensure sane rcfile values for the remaining stuff
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: ensure sane rcfile values for the remaining stuff

This will protect some remaining rcfile variables from
a possible manual editing of top's configuration file.

[ and correct two #error related boo-boos introduced ]
[ with the system default rcfile in the commit shown ]

Reference(s):
. introduced /etc/topdefaultrc
commit 3e6a208ae501194fdb39d5f259e327c087dc8c84

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: Prevent out-of-bounds writes in PUFF(). __Tweaked
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: Prevent out-of-bounds writes in PUFF(). __Tweaked

This commit moves some overhead to the Batch mode path
where it's needed. And given the new 'else if' test we
can delete some now redundant logic in the other path.

Reference(s):
. original qualys patch
0117-top-Prevent-out-of-bounds-writes-in-PUFF.patch
commit 059ae8b512151c6390ec8430533555979cf2f183

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: address 'show_special()' o-o-b read/write concern
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: address 'show_special()' o-o-b read/write concern

This patch addresses a potential (but unlikely) buffer
overflow by reducing, if necessary, a memcpy length by
3 bytes to provide for an eol '\0' and 2 unused buffer
positions which also might receive the '\0' character.

[ note to future analysis tool: just because you see ]
[ binary data being manipulated in the routine, that ]
[ doesn't mean such function was passed binary data! ]

Reference(s):
. original qualys patch
0116-top-Fix-out-of-bounds-read-write-in-show_special.patch
commit ed8f6d9cc68fbadb26ee3009a3017b3e3ea63f28

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: Fix out-of-bounds read/write in show_... REVERTED
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: Fix out-of-bounds read/write in show_... REVERTED

I'm reverting this patch to prepare for some alternate
solution. In that solution I will address point #1 but
point #2 is based on a wrong assumption. There will be
no binary data ever found in the 'glob' passed to this
show_special() function. It is now always simple text.

------------------------------------------------ original commit message
This patch fixes two problems:

1/ In the switch case 0, if sub_end is at the very end of lin[], the two
null-byte writes are off-by-two (a stack-based buffer overflow). Replace
this end-of-string "emulation" with an equivalent test on ch (and then
goto/break out of the loop).

2/ "sub_end += 2" jumps over the null-byte terminator in lin[] if the
line contains a raw (without a tilde) \001-\010 character. Detect such a
null-byte terminator and goto/break out of the loop.

Note: in the case of a raw \001-\010 character, the character at
"sub_end + 1" is never processed (it is skipped/jumped over); this is
not a security problem anymore (since 2/ was fixed), so we decided not
to change this behavior, for backward-compatibility.
------------------------------------------------------------------------

Reference(s):
. original qualys patch
0116-top-Fix-out-of-bounds-read-write-in-show_special.patch
commit ed8f6d9cc68fbadb26ee3009a3017b3e3ea63f28

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: prevent buffer overflow potential in all routines
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: prevent buffer overflow potential in all routines

Whereas that original patch (since reversed) addressed
some symptoms related to manually edited config files,
this solution deals with root causes. And it goes much
beyond any single top field by protecting all of top's
fields. Henceforth, a duplicated field is not allowed.

Reference(s):
. original qualys patch
0114-top-Prevent-buffer-overflow-in-calibrate_fields.patch
commit c424a643318abfb534a692bd86c6a5e411ed2ebb

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: Prevent buffer overflow in calibrate_... REVERTED
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: Prevent buffer overflow in calibrate_... REVERTED

Here, again, we have an example of attacking a problem
by addressing the symptoms. And that assertion made in
the original commit message is true if only if someone
had manually (maliciously) edited the top config file.

So let's reverse the original patch & thus prepare for
a proper solution addressing the cause, not a symptom.

Reference(s):
. original qualys patch
0114-top-Prevent-buffer-overflow-in-calibrate_fields.patch
commit c424a643318abfb534a692bd86c6a5e411ed2ebb

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: Protect scat() from buffer overflows. ___REVERTED
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: Protect scat() from buffer overflows. ___REVERTED

The whole idea was to make top's 'scat' function small
and very quick, unlike that standard 'strcat' routine.

To achieve that end we ignore the potential for buffer
overruns and trust callers to provide adequate dest's.

Reference(s):
. original qualys patch
0109-top-Protect-scat-from-buffer-overflows.patch
commit 9c745975b2ea306399ab2484af8ed2f37d472269

Signed-off-by: Jim Warner <james.warner@comcast.net>
6 years agotop: concede integer overflow risks in procs_refresh()
Jim Warner [Fri, 18 May 2018 05:00:00 +0000 (00:00 -0500)]
top: concede integer overflow risks in procs_refresh()

This is as far as we need go with respect to the issue
of integer overflow addressed in that reference below.

That patch, of course, was reversed to prepare for us.

Reference(s):
. original qualys patch
0105-top-Prevent-integer-overflows-in-procs_refresh.patch
commit 131e5e2fe63f29edfc7df04b2b2a1682d93af846

Signed-off-by: Jim Warner <james.warner@comcast.net>