From 8b7ea120670525d9ac7f1698ae7482d691e840a4 Mon Sep 17 00:00:00 2001
From: Radovan Sroka
Date: Mon, 9 Nov 2020 17:02:22 +0100
Subject: [PATCH] Added check for " (deleted)" suffix in get_program_from_fd() (#97)
- get rid of this suffix
Signed-off-by: Radovan Sroka
Removed strstr (#102)
---
 src/library/process.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/library/process.c b/src/library/process.c
index edd2cca..6406610 100644
--- a/src/library/process.c
+++ b/src/library/process.c
@@ -146,10 +146,24 @@ char *get_program_from_pid(pid_t pid, size_t blen, char *buf)
 return buf;
 }
+
+ size_t len = 0;
 if ((size_t)path_len < blen)
- buf[path_len] = 0;
+ len = path_len;
 else
- buf[blen-1] = '\0';
+ len = blen-1;
+
+ buf[len] = '\0';
+ // some binaries can be deleted after execution
+ // then we need to delete the suffix so they are
+ // trusted even after deletion
+
+ // strlen(" deleted") == 10
+ if (buf[len-1] == ')' && len > 10) {
+
+ if (strcmp(&buf[len - 10], " (deleted)") == 0)
+ buf[len - 10] = '\0';
+ }
 return buf;
 }
--
2.26.2
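Review bot: The suffix test `if (buf[len-1] == ')' && len > 10)` reads `buf[len-1]` before it checks the length, so when `len` is 0 (an empty result, or a `blen` of 1) the unsigned index wraps and the read lands outside the buffer; put the bound first, `if (len > 10 && buf[len-1] == ')') {`. The comment above it should read `// strlen(" (deleted)") == 10`, since the string it currently quotes is only eight characters long. Because the added comment says the stripped path is used so the binary stays trusted, it also deserves a comment noting that a live file whose name really ends in " (deleted)" becomes indistinguishable from a deleted one after the strip, and that the stripped path may by then name a different file; presumably callers needing certainty would confirm identity by other means, which this hunk does not show. The start of get_program_from_pid(), including how `path_len` is obtained and whether it can be 0, is outside the hunk.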