Skip to content

Linux: reorder /proc/<pid>/status parsing#1481

Merged
fasterit merged 1 commit intohtop-dev:mainfrom
cgzones:uaf
May 17, 2024
Merged

Linux: reorder /proc/<pid>/status parsing#1481
fasterit merged 1 commit intohtop-dev:mainfrom
cgzones:uaf

Conversation

@cgzones
Copy link
Copy Markdown
Member

@cgzones cgzones commented May 16, 2024

In case parsing an essential pid entry file like 'status' we treat the process as a short living one and ignore it. In the relevant goto label the process structure is free'd, thus it must not have been inserted into the global process table.

Reorder parsing the status file after potentially inserting the process into the process table.

Fixes: 22d25db ("Linux: detect container process by different PID namespace")
Closes: #1455

@cgzones cgzones added bug 🐛 Something isn't working Linux 🐧 Linux related issues labels May 16, 2024
@cgzones cgzones added this to the 3.4.0 milestone May 16, 2024
@cgzones cgzones mentioned this pull request May 16, 2024
Closed
BenBE
BenBE approved these changes May 16, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@BenBE BenBE left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two minor nits …

Comment thread linux/LinuxProcessTable.c Outdated
Comment thread linux/LinuxProcessTable.c Outdated
@Explorer09
Copy link
Copy Markdown
Contributor

Explorer09 commented May 16, 2024

A minor gripe here: The commit description isn't obvious that it fixes a use-after-free. I would write the description like this:

Linux: read pid status before inserting it into process table

When parsing an essential pid entry file like 'status' fails, we treat
the process as a short living one and skip adding it into the process
table. This step should be done before the process is added, or else
the goto label can free the process structure, creating use-after-free
scenarios later on.

Fixes: 22d25db ("Linux: detect container process by different PID namespace")
Closes: htop-dev#1455

@cgzones @BenBE
Linux: reorder /proc/<pid>/status parsing
66f0ba0 
When parsing an essential pid entry file like 'status' fails, we treat
the process as a short-lived one and skip adding it into the process
table.

This should be done before the process is added, as the goto label used
for error handling can free the process structure, thus causing an
use-after-free scenario.

Fixes: 22d25db ("Linux: detect container process by different PID namespace")
Closes: htop-dev#1455
@fasterit fasterit merged commit a94e766 into htop-dev:main May 17, 2024
@cgzones cgzones deleted the uaf branch May 18, 2024 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BenBE BenBE BenBE approved these changes

Assignees

No one assigned

Labels

bug 🐛 Something isn't working Linux 🐧 Linux related issues

Projects

None yet

Milestone

3.4.0

Development

Successfully merging this pull request may close these issues.

Sudden Segementation Fault

4 participants

@cgzones @Explorer09 @BenBE @fasterit