Bug#656921: net-tools: erroneous program name output from netstat -p

Anatole Shaw yvahkargfgng at omni.poc.net
Sun Jan 22 21:55:31 UTC 2012 

Package: net-tools
Version: 1.60-23
Severity: important
Tags: patch

"netstat -p" sometimes produces erroneous "Program name" output because
it looks at /proc/*/cmdline (which can be manipulated by setproctitle)
and assumes that information is structured as a pathname.

For example, this process (output from "ps auxw"):

    joe 5987 0.0 0.3 68380 1908 ? S 20:57 0:00 sshd: joe at pts/9

was associated with this incorrect output from "netstat -anp":

    tcp 0 0 10.0.0.10:34199 10.0.0.10:443 ESTABLISHED 5987/9

The text "5987/9" appeared in the "PID/Program name" column because
netstat parsed "9" as the final path element of the command.

The attached patch causes netstat to determine the program name by
dereferencing the /proc/*/exe symlink instead, producing the following
(correct) output regarding the same process:

    tcp 0 0 10.0.0.10:34199 10.0.0.10:443 ESTABLISHED 5987/sshd

Patch (also submitted upstream):

--- netstat.c	2001-04-15 14:41:17.000000000 +0000
+++ netstat.c	2012-01-22 20:24:19.000000000 +0000
@@ -246,6 +246,8 @@
 #define PATH_PROC_X_FD      PATH_PROC "/%s/" PATH_FD_SUFF
 #define PATH_CMDLINE	"cmdline"
 #define PATH_CMDLINEl       strlen(PATH_CMDLINE)
+#define PATH_EXE	"exe"
+#define PATH_EXEl	    strlen(PATH_EXE)
 /* NOT working as of glibc-2.0.7: */
 #undef  DIRENT_HAVE_D_TYPE_WORKS
 
@@ -393,16 +395,11 @@
             if (inode < 0) continue;
 
 	    if (!cmdlp) {
-		if (procfdlen - PATH_FD_SUFFl + PATH_CMDLINEl >= 
+		if (procfdlen - PATH_FD_SUFFl + PATH_EXEl >= 
 		    sizeof(line) - 5) 
 		    continue;
-		strcpy(line + procfdlen-PATH_FD_SUFFl, PATH_CMDLINE);
-		fd = open(line, O_RDONLY);
-		if (fd < 0) 
-		    continue;
-		cmdllen = read(fd, cmdlbuf, sizeof(cmdlbuf) - 1);
-		if (close(fd)) 
-		    continue;
+		strcpy(line + procfdlen-PATH_FD_SUFFl, PATH_EXE);
+		cmdllen = readlink(line, cmdlbuf, sizeof(cmdlbuf)-1);
 		if (cmdllen == -1) 
 		    continue;
 		if (cmdllen < sizeof(cmdlbuf) - 1) 

-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/96 CPU cores)
Locale: LANG=de.UTF8, LC_CTYPE=de.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages net-tools depends on:
ii  libc6                         2.11.2-10  Embedded GNU C Library:
Shared lib

net-tools recommends no packages.

net-tools suggests no packages.

-- no debconf information

More information about the Pkg-net-tools-maintainers mailing list