Module: check_mk
Branch: master
Commit: 36c79860a5cd1a730ad513c8003cebbe1cb0243e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=36c79860a5cd1a…
Author: Jukka Aro <ja(a)mathias-kettner.de>
Date: Tue Jun 12 10:36:33 2018 +0200
6190 FIX Win-agent: prevent unsigned integer overflow in process uptime
The process uptimes for Windows are calculated by subtracting the process
creation time from the current system time. Under certain circumstances,
setting up the system clock e. g. with daylight saving time has led to
some processes reporting a creation time with false offset and an unsigned
integer overflow through negative subtraction result. This has further led
to the crash of the ps check.
The unsigned integer overflow is now prevented by checking the result of the
subtraction and, in case of a negative value, logging it as an error and
setting the process uptime to the default value 1.
Change-Id: I4cbefc5e500880594be0f385d86cc3f1959ce683
---
.werks/6190 | 20 ++++++++++++++++++++
agents/windows/build_version | 2 +-
agents/windows/sections/SectionPS.cc | 26 ++++++++++++++++++++++----
3 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/.werks/6190 b/.werks/6190
new file mode 100644
index 0000000..369b213
--- /dev/null
+++ b/.werks/6190
@@ -0,0 +1,20 @@
+Title: Win-agent: prevent unsigned integer overflow in process uptime
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1528807253
+Class: fix
+
+The process uptimes for Windows are calculated by subtracting the process
+creation time from the current system time. Under certain circumstances,
+setting up the system clock e. g. with daylight saving time has led to a
+situation where some processes have reported a creation time with false
+offset and an unsigned integer overflow through negative subtraction result.
+This has further led to the crash of the ps check.
+
+The unsigned integer overflow is now prevented by checking the result of the
+subtraction and, in case of a negative value, logging it as an error and
+setting the process uptime to the default value 1.
+
diff --git a/agents/windows/build_version b/agents/windows/build_version
index b912429..49f2b70 100644
--- a/agents/windows/build_version
+++ b/agents/windows/build_version
@@ -1 +1 @@
-3254
+3256
diff --git a/agents/windows/sections/SectionPS.cc b/agents/windows/sections/SectionPS.cc
index 2b07008..e8dfa7b 100644
--- a/agents/windows/sections/SectionPS.cc
+++ b/agents/windows/sections/SectionPS.cc
@@ -218,8 +218,17 @@ bool SectionPS::outputWMI(std::ostream &out) {
std::tm t;
ss >> std::get_time(&t, L"%Y%m%d%H%M%S");
time_t creation_time = mktime(&t);
- auto uptime = static_cast<ULONGLONG>(
- section_helpers::current_time() - creation_time);
+ // Cope with possible problems with process creation time. Ensure
+ // that the result of subtraction is not negative.
+ long long currTime = section_helpers::current_time();
+ long long timeDiff = currTime - creation_time;
+
+ if (timeDiff < 0) {
+ Error(_logger) << "Creation time " <<
creation_time
+ << " lies ahead of current time " <<
currTime;
+ }
+
+ auto uptime = static_cast<ULONGLONG>(std::max(timeDiff, 1LL));
outputProcess(
out,
std::stoull(result.get<std::string>(L"VirtualSize")),
@@ -329,8 +338,17 @@ bool SectionPS::outputNative(std::ostream &out) {
}
// Uptime
- auto uptime = static_cast<unsigned long long>(
- section_helpers::current_time() - sinceEpoch(createTime));
+ // Cope with possible problems with process creation time. Ensure
+ // that the result of subtraction is not negative.
+ long long currTime = section_helpers::current_time();
+ long long timeDiff = currTime - sinceEpoch(createTime);
+
+ if (timeDiff < 0) {
+ Error(_logger) << "Creation time " <<
sinceEpoch(createTime)
+ << " lies ahead of current time " <<
currTime;
+ }
+
+ auto uptime = static_cast<unsigned long long>(std::max(timeDiff,
1LL));
// Note: CPU utilization is determined out of usermodetime and
// kernelmodetime