lvmteam / lvm2

Mirror of upstream LVM2 repository
https://gitlab.com/lvmteam/lvm2
GNU General Public License v2.0

Fix parsing of /proc/self/stat #116

Closed hevrard closed 1 year ago

hevrard commented 1 year ago

The code in init_log_file relies on the process name (COMM) not containing whitespace. This change fixes it by looking up the right-most parenthesis to safely jump past COMM.

For more context see: https://www.openwall.com/lists/oss-security/2022/12/21/6
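The right-most-parenthesis approach described in the comment above, as an added example that is not part of the original thread and is not LVM2's code. It assumes the caller wants `starttime` (field 22 in proc(5)); the function names and sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines; field 22 (starttime) is 987654 in all three. */
#define REST " S 1 1234 1234 0 -1 4194304 100 0 0 0 5 3 0 0 20 0 1 0 987654 10000000 200"
static const char NORMAL[] = "1234 (lvm)" REST;
static const char SPACED[] = "1234 (my prog)" REST;  /* whitespace in COMM */
static const char PAREN[]  = "1234 (a) b)" REST;     /* ')' and a space in COMM */

/* Parse the n-th (1-based) whitespace-separated token of s as an all-digit number. */
static int nth_number(const char *s, int n, unsigned long long *out)
{
    for (;;) {
        s += strspn(s, " \t\n");
        size_t len = strcspn(s, " \t\n");
        if (!len) return -1;                  /* ran out of tokens */
        if (--n == 0) {
            char *end;
            *out = strtoull(s, &end, 10);
            return (*s >= '0' && *s <= '9' && end == s + len) ? 0 : -1;
        }
        s += len;
    }
}

/* Fragile: counts tokens from the start of the line, trusting COMM to be one token. */
static int starttime_naive(const char *line, unsigned long long *out)
{
    return nth_number(line, 22, out);
}

/* Robust: everything after the right-most ')' is kernel-generated, so
 * state is token 1 there and starttime (field 22) is token 20. */
static int starttime_safe(const char *line, unsigned long long *out)
{
    const char *p = strrchr(line, ')');
    return p ? nth_number(p + 1, 20, out) : -1;
}

int main(void)
{
    const char *lines[] = { NORMAL, SPACED, PAREN };
    for (int i = 0; i < 3; i++) {
        unsigned long long a = 0, b = 0;
        int ra = starttime_naive(lines[i], &a), rb = starttime_safe(lines[i], &b);
        printf("naive rc=%d val=%llu | safe rc=%d val=%llu\n", ra, a, rb, b);
    }
    return 0;
}
```

On the two lines with a space in COMM the naive parser still reports success but returns the neighbouring field's value, which is why the failure is easy to miss.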

zkabelac commented 1 year ago

Hi

Hmm, yeah, a bit of an annoying issue - not really sure it's even worth fixing - the code there is really there only for debugging purposes and has no real use for standard usage of lvm2 commands.

But I will think about whether there are some easier ways to get the info for test suite purposes.

teigland commented 1 year ago

Just use getpid() and time() or gettimeofday(), and drop /proc/self/stat.

zkabelac commented 1 year ago

So although the code purely affects the debugging mode of lvm2 execution, I've pushed a modified version of this code upstream. Hopefully this will quiet your security warning system.

hevrard commented 1 year ago

Brilliant, thanks!