/src/sudo/lib/iolog/iolog_timing.c

Source (jump to first uncovered line)
/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 2009-2020 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
 */

#include <config.h>

#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include <compat/stdbool.h>
#endif /* HAVE_STDBOOL_H */
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <fcntl.h>
#include <time.h>

#include <sudo_compat.h>
#include <sudo_debug.h>
#include <sudo_eventlog.h>
#include <sudo_fatal.h>
#include <sudo_gettext.h>
#include <sudo_iolog.h>
#include <sudo_util.h>

static int timing_event_adj;

void
iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay,
     double scale_factor)
{
    debug_decl(iolog_adjust_delay, SUDO_DEBUG_UTIL);

    /* Avoid division by zero or negative delays. */
    if (scale_factor <= 0.0) {
  sudo_timespecclear(delay);
  debug_return;
    }

    if (scale_factor != 1.0) {
  /* Order is important: we don't want to double the remainder. */
  const double seconds = (double)delay->tv_sec / scale_factor;
  const double nseconds = (double)delay->tv_nsec / scale_factor;
        delay->tv_sec = (time_t)seconds;
        delay->tv_nsec = (long)nseconds;
        delay->tv_nsec += (long)((seconds - (double)delay->tv_sec) * 1000000000);
        while (delay->tv_nsec >= 1000000000) {
            delay->tv_sec++;
            delay->tv_nsec -= 1000000000;
        }
    }

    /* Clamp to max delay. */
    if (max_delay != NULL) {
  if (sudo_timespeccmp(delay, max_delay, >)) {
      delay->tv_sec = max_delay->tv_sec;
      delay->tv_nsec = max_delay->tv_nsec;
  }
    }

    debug_return;
}

/*
 * Parse the delay as seconds and nanoseconds: %lld.%09ld
 * Sudo used to write this as a double, but since timing data is logged
 * in the C locale this may not match the current locale.
 */
char *
iolog_parse_delay(const char *cp, struct timespec *delay,
    const char *decimal_point)
{
    char numbuf[STRLEN_MAX_SIGNED(long long) + 1];
    const char *errstr, *ep;
    long long llval;
    size_t len;
    debug_decl(iolog_parse_delay, SUDO_DEBUG_UTIL);

    /* Parse seconds (whole number portion). */
    for (ep = cp; isdigit((unsigned char)*ep); ep++)
  continue;
    len = (size_t)(ep - cp);
    if (len >= sizeof(numbuf)) {
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
      "%s: number of seconds is too large", cp);
  debug_return_ptr(NULL);
    }
    memcpy(numbuf, cp, len);
    numbuf[len] = '\0';
    delay->tv_sec = (time_t)sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr);
    if (errstr != NULL) {
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
      "%s: number of seconds is %s", numbuf, errstr);
  debug_return_ptr(NULL);
    }

    /* Radix may be in user's locale for sudo < 1.7.4 so accept that too. */
    if (*ep != '.' && *ep != *decimal_point) {
  if (*ep == '\0' || isspace((unsigned char)*ep)) {
      /* No fractional part. */
      delay->tv_nsec = 0;
      goto done;
  }
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
      "invalid characters after seconds: %s", ep);
  debug_return_ptr(NULL);
    }
    cp = ep + 1;

    /* Parse fractional part, we may read more precision than we can store. */
    for (ep = cp; isdigit((unsigned char)*ep); ep++)
  continue;
    len = (size_t)(ep - cp);
    if (len >= sizeof(numbuf)) {
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
      "%s: number of nanoseconds is too large", cp);
  debug_return_ptr(NULL);
    }
    memcpy(numbuf, cp, len);
    numbuf[len] = '\0';
    llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr);
    if (errstr != NULL) {
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
      "%s: number of nanoseconds is %s", numbuf, errstr);
  debug_return_ptr(NULL);
    }

    /* Adjust fractional part to nanosecond precision. */
    if (len < 9) {
  /* Convert to nanosecond precision. */
  do {
      llval *= 10;
  } while (++len < 9);
    } else if (len > 9) {
  /* Clamp to nanoseconds. */
  do {
      llval /= 10;
  } while (--len > 9);
    }
    delay->tv_nsec = (long)llval;

done:
    /* Advance to the next field. */
    while (isspace((unsigned char)*ep))
  ep++;

    debug_return_str((char *)ep);
}

/*
 * Parse a timing line, which is formatted as:
 *  IO_EVENT_TTYOUT sleep_time num_bytes
 *  IO_EVENT_WINSIZE sleep_time lines cols
 *  IO_EVENT_SUSPEND sleep_time signo
 * Where type is IO_EVENT_*, sleep_time is the number of seconds to sleep
 * before writing the data and num_bytes is the number of bytes to output.
 * Returns true on success and false on failure.
 */
bool
iolog_parse_timing(const char *line, struct timing_closure *timing)
{
    unsigned long ulval;
    char *cp, *ep;
    debug_decl(iolog_parse_timing, SUDO_DEBUG_UTIL);

    /* Clear iolog descriptor. */
    timing->iol = NULL;

    /* Parse event type. */
    ulval = strtoul(line, &ep, 10);
    if (ep == line || !isspace((unsigned char) *ep))
  goto bad;
    if (ulval >= IO_EVENT_COUNT)
  goto bad;
    if (ulval == IO_EVENT_TTYOUT_1_8_7) {
  /* work around a bug in timing files generated by sudo 1.8.7 */
  timing_event_adj = 2;
    }
    timing->event = (int)ulval - timing_event_adj;
    for (cp = ep + 1; isspace((unsigned char) *cp); cp++)
  continue;

    /* Parse delay, returns the next field or NULL on error. */
    if ((cp = iolog_parse_delay(cp, &timing->delay, timing->decimal)) == NULL)
  goto bad;

    switch (timing->event) {
    case IO_EVENT_SUSPEND:
  /* Signal name (no leading SIG prefix) or number. */
  if (str2sig(cp, &timing->u.signo) == -1)
      goto bad;
  break;
    case IO_EVENT_WINSIZE:
  ulval = strtoul(cp, &ep, 10);
  if (ep == cp || !isspace((unsigned char) *ep))
      goto bad;
  if (ulval > INT_MAX)
      goto bad;
  timing->u.winsize.lines = (int)ulval;
  for (cp = ep + 1; isspace((unsigned char) *cp); cp++)
      continue;

  ulval = strtoul(cp, &ep, 10);
  if (ep == cp || *ep != '\0')
      goto bad;
  if (ulval > INT_MAX)
      goto bad;
  timing->u.winsize.cols = (int)ulval;
  break;
    default:
  errno = 0;
  ulval = strtoul(cp, &ep, 10);
  if (ep == cp || *ep != '\0')
      goto bad;
  /* Note: assumes SIZE_MAX == ULONG_MAX */
  if (errno == ERANGE && ulval == ULONG_MAX)
      goto bad;
  timing->u.nbytes = (size_t)ulval;
  break;
    }

    debug_return_bool(true);
bad:
    debug_return_bool(false);
}

/*
 * Read the next record from the timing file.
 * Return 0 on success, 1 on EOF and -1 on error.
 */
int
iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing)
{
    char line[LINE_MAX];
    const char *errstr;
    debug_decl(iolog_read_timing_record, SUDO_DEBUG_UTIL);

    /* Read next record from timing file. */
    if (iolog_gets(iol, line, sizeof(line), &errstr) == NULL) {
  /* EOF or error reading timing file, we are done. */
  if (iolog_eof(iol))
      debug_return_int(1);
  sudo_warnx(U_("error reading timing file: %s"), errstr);
  debug_return_int(-1);
    }

    /* Parse timing file record. */
    line[strcspn(line, "\n")] = '\0';
    if (!iolog_parse_timing(line, timing)) {
  sudo_warnx(U_("invalid timing file line: %s"), line);
  debug_return_int(-1);
    }

    debug_return_int(0);
}

Coverage Report

Created: 2025-08-26 06:57

Line	Count	Source (jump to first uncovered line)
1		/*
2		* SPDX-License-Identifier: ISC
3		*
4		* Copyright (c) 2009-2020 Todd C. Miller <Todd.Miller@sudo.ws>
5		*
6		* Permission to use, copy, modify, and distribute this software for any
7		* purpose with or without fee is hereby granted, provided that the above
8		* copyright notice and this permission notice appear in all copies.
9		*
10		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14		* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15		* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16		* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17		*/
18
19		/*
20		* This is an open source non-commercial project. Dear PVS-Studio, please check it.
21		* PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
22		*/
23
24		#include <config.h>
25
26		#include <stdio.h>
27		#include <stdlib.h>
28		#ifdef HAVE_STDBOOL_H
29		# include <stdbool.h>
30		#else
31		# include <compat/stdbool.h>
32		#endif /* HAVE_STDBOOL_H */
33		#include <string.h>
34		#include <signal.h>
35		#include <unistd.h>
36		#include <ctype.h>
37		#include <errno.h>
38		#include <limits.h>
39		#include <fcntl.h>
40		#include <time.h>
41
42		#include <sudo_compat.h>
43		#include <sudo_debug.h>
44		#include <sudo_eventlog.h>
45		#include <sudo_fatal.h>
46		#include <sudo_gettext.h>
47		#include <sudo_iolog.h>
48		#include <sudo_util.h>
49
50		static int timing_event_adj;
51
52		void
53		iolog_adjust_delay(struct timespec delay, struct timespec max_delay,
54		double scale_factor)
55	0	{
56	0	debug_decl(iolog_adjust_delay, SUDO_DEBUG_UTIL);
57
58		/* Avoid division by zero or negative delays. */
59	0	if (scale_factor <= 0.0) {
60	0	sudo_timespecclear(delay);
61	0	debug_return;
62	0	}
63
64	0	if (scale_factor != 1.0) {
65		/* Order is important: we don't want to double the remainder. */
66	0	const double seconds = (double)delay->tv_sec / scale_factor;
67	0	const double nseconds = (double)delay->tv_nsec / scale_factor;
68	0	delay->tv_sec = (time_t)seconds;
69	0	delay->tv_nsec = (long)nseconds;
70	0	delay->tv_nsec += (long)((seconds - (double)delay->tv_sec) * 1000000000);
71	0	while (delay->tv_nsec >= 1000000000) {
72	0	delay->tv_sec++;
73	0	delay->tv_nsec -= 1000000000;
74	0	}
75	0	}
76
77		/* Clamp to max delay. */
78	0	if (max_delay != NULL) {
79	0	if (sudo_timespeccmp(delay, max_delay, >)) {
80	0	delay->tv_sec = max_delay->tv_sec;
81	0	delay->tv_nsec = max_delay->tv_nsec;
82	0	}
83	0	}
84
85	0	debug_return;
86	0	}
87
88		/*
89		* Parse the delay as seconds and nanoseconds: %lld.%09ld
90		* Sudo used to write this as a double, but since timing data is logged
91		* in the C locale this may not match the current locale.
92		*/
93		char *
94		iolog_parse_delay(const char cp, struct timespec delay,
95		const char *decimal_point)
96	3.15k	{
97	3.15k	char numbuf[STRLEN_MAX_SIGNED(long long) + 1];
98	3.15k	const char errstr, ep;
99	3.15k	long long llval;
100	3.15k	size_t len;
101	3.15k	debug_decl(iolog_parse_delay, SUDO_DEBUG_UTIL);
102
103		/* Parse seconds (whole number portion). */
104	12.1k	for (ep = cp; isdigit((unsigned char)*ep); ep++)
105	12.1k	continue;
106	3.15k	len = (size_t)(ep - cp);
107	3.15k	if (len >= sizeof(numbuf)) {
108	10	sudo_debug_printf(SUDO_DEBUG_ERROR\|SUDO_DEBUG_LINENO,
109	10	"%s: number of seconds is too large", cp);
110	10	debug_return_ptr(NULL);
111	10	}
112	3.14k	memcpy(numbuf, cp, len);
113	3.14k	numbuf[len] = '\0';
114	3.14k	delay->tv_sec = (time_t)sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr);
115	3.14k	if (errstr != NULL) {
116	99	sudo_debug_printf(SUDO_DEBUG_ERROR\|SUDO_DEBUG_LINENO,
117	99	"%s: number of seconds is %s", numbuf, errstr);
118	99	debug_return_ptr(NULL);
119	99	}
120
121		/* Radix may be in user's locale for sudo < 1.7.4 so accept that too. */
122	3.04k	if (ep != '.' && ep != *decimal_point) {
123	1.96k	if (ep == '\0' \|\| isspace((unsigned char)ep)) {
124		/* No fractional part. */
125	1.95k	delay->tv_nsec = 0;
126	1.95k	goto done;
127	1.95k	}
128	1.96k	sudo_debug_printf(SUDO_DEBUG_ERROR\|SUDO_DEBUG_LINENO,
129	14	"invalid characters after seconds: %s", ep);
130	14	debug_return_ptr(NULL);
131	14	}
132	1.07k	cp = ep + 1;
133
134		/* Parse fractional part, we may read more precision than we can store. */
135	10.7k	for (ep = cp; isdigit((unsigned char)*ep); ep++)
136	10.7k	continue;
137	1.07k	len = (size_t)(ep - cp);
138	1.07k	if (len >= sizeof(numbuf)) {
139	9	sudo_debug_printf(SUDO_DEBUG_ERROR\|SUDO_DEBUG_LINENO,
140	9	"%s: number of nanoseconds is too large", cp);
141	9	debug_return_ptr(NULL);
142	9	}
143	1.06k	memcpy(numbuf, cp, len);
144	1.06k	numbuf[len] = '\0';
145	1.06k	llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr);
146	1.06k	if (errstr != NULL) {
147	10	sudo_debug_printf(SUDO_DEBUG_ERROR\|SUDO_DEBUG_LINENO,
148	10	"%s: number of nanoseconds is %s", numbuf, errstr);
149	10	debug_return_ptr(NULL);
150	10	}
151
152		/* Adjust fractional part to nanosecond precision. */
153	1.05k	if (len < 9) {
154		/* Convert to nanosecond precision. */
155	4.30k	do {
156	4.30k	llval *= 10;
157	4.30k	} while (++len < 9);
158	541	} else if (len > 9) {
159		/* Clamp to nanoseconds. */
160	1.44k	do {
161	1.44k	llval /= 10;
162	1.44k	} while (--len > 9);
163	324	}
164	1.05k	delay->tv_nsec = (long)llval;
165
166	3.01k	done:
167		/* Advance to the next field. */
168	3.01k	while (isspace((unsigned char)*ep))
169	2.99k	ep++;
170
171	3.01k	debug_return_str((char *)ep);
172	3.01k	}
173
174		/*
175		* Parse a timing line, which is formatted as:
176		* IO_EVENT_TTYOUT sleep_time num_bytes
177		* IO_EVENT_WINSIZE sleep_time lines cols
178		* IO_EVENT_SUSPEND sleep_time signo
179		* Where type is IO_EVENT_*, sleep_time is the number of seconds to sleep
180		* before writing the data and num_bytes is the number of bytes to output.
181		* Returns true on success and false on failure.
182		*/
183		bool
184		iolog_parse_timing(const char line, struct timing_closure timing)
185	3.33k	{
186	3.33k	unsigned long ulval;
187	3.33k	char cp, ep;
188	3.33k	debug_decl(iolog_parse_timing, SUDO_DEBUG_UTIL);
189
190		/* Clear iolog descriptor. */
191	3.33k	timing->iol = NULL;
192
193		/* Parse event type. */
194	3.33k	ulval = strtoul(line, &ep, 10);
195	3.33k	if (ep == line \|\| !isspace((unsigned char) *ep))
196	60	goto bad;
197	3.27k	if (ulval >= IO_EVENT_COUNT)
198	116	goto bad;
199	3.15k	if (ulval == IO_EVENT_TTYOUT_1_8_7) {
200		/* work around a bug in timing files generated by sudo 1.8.7 */
201	739	timing_event_adj = 2;
202	739	}
203	3.15k	timing->event = (int)ulval - timing_event_adj;
204	3.15k	for (cp = ep + 1; isspace((unsigned char) *cp); cp++)
205	200	continue;
206
207		/* Parse delay, returns the next field or NULL on error. */
208	3.15k	if ((cp = iolog_parse_delay(cp, &timing->delay, timing->decimal)) == NULL)
209	142	goto bad;
210
211	3.01k	switch (timing->event) {
212	0	case IO_EVENT_SUSPEND:
213		/* Signal name (no leading SIG prefix) or number. */
214	0	if (str2sig(cp, &timing->u.signo) == -1)
215	0	goto bad;
216	0	break;
217	502	case IO_EVENT_WINSIZE:
218	502	ulval = strtoul(cp, &ep, 10);
219	502	if (ep == cp \|\| !isspace((unsigned char) *ep))
220	36	goto bad;
221	466	if (ulval > INT_MAX)
222	65	goto bad;
223	401	timing->u.winsize.lines = (int)ulval;
224	401	for (cp = ep + 1; isspace((unsigned char) *cp); cp++)
225	196	continue;
226
227	401	ulval = strtoul(cp, &ep, 10);
228	401	if (ep == cp \|\| *ep != '\0')
229	83	goto bad;
230	318	if (ulval > INT_MAX)
231	64	goto bad;
232	254	timing->u.winsize.cols = (int)ulval;
233	254	break;
234	2.51k	default:
235	2.51k	errno = 0;
236	2.51k	ulval = strtoul(cp, &ep, 10);
237	2.51k	if (ep == cp \|\| *ep != '\0')
238	198	goto bad;
239		/* Note: assumes SIZE_MAX == ULONG_MAX */
240	2.31k	if (errno == ERANGE && ulval == ULONG_MAX)
241	1	goto bad;
242	2.31k	timing->u.nbytes = (size_t)ulval;
243	2.31k	break;
244	3.01k	}
245
246	2.56k	debug_return_bool(true);
247	765	bad:
248	765	debug_return_bool(false);
249	765	}
250
251		/*
252		* Read the next record from the timing file.
253		* Return 0 on success, 1 on EOF and -1 on error.
254		*/
255		int
256		iolog_read_timing_record(struct iolog_file iol, struct timing_closure timing)
257	3.41k	{
258	3.41k	char line[LINE_MAX];
259	3.41k	const char *errstr;
260	3.41k	debug_decl(iolog_read_timing_record, SUDO_DEBUG_UTIL);
261
262		/* Read next record from timing file. */
263	3.41k	if (iolog_gets(iol, line, sizeof(line), &errstr) == NULL) {
264		/* EOF or error reading timing file, we are done. */
265	80	if (iolog_eof(iol))
266	80	debug_return_int(1);
267	0	sudo_warnx(U_("error reading timing file: %s"), errstr);
268	0	debug_return_int(-1);
269	0	}
270
271		/* Parse timing file record. */
272	3.33k	line[strcspn(line, "\n")] = '\0';
273	3.33k	if (!iolog_parse_timing(line, timing)) {
274	765	sudo_warnx(U_("invalid timing file line: %s"), line);
275	765	debug_return_int(-1);
276	765	}
277
278	2.56k	debug_return_int(0);
279	2.56k	}