[BUG] lsof silently ignore processes with unbalanced round brackets in COMM

[isaac-sec]

Describe the bug
On Linux, when iterating over processes, lsof silently skips processes that have unbalanced round brackets in their COMM.

To Reproduce
Steps to reproduce the behavior:

1. Run nc -l -p 5000
2. Run lsof -iTCP -sTCP:LISTEN -n -P and see output that includes a line similar to this:

nc        430743 user   3u  IPv4 955235      0t0  TCP *:5000 (LISTEN)

3. Change the process' COMM: sudo gdb -p 430743 -batch -ex 'call (int)prctl(15, "nc (", 0, 0, 0)'
4. Run lsof -iTCP -sTCP:LISTEN -n -P again
5. The nc line is gone
6. Change back the process' COMM: sudo gdb -p 430743 -batch -ex 'call (int)prctl(15, "nc", 0, 0, 0)'
7. Run lsof -iTCP -sTCP:LISTEN -n -P again
8. The nc line returns

Expected behavior
An unbalanced round bracket in COMM should not cause a process to disappear from the lsof output.

Program output
N/A

Environment (please complete the following information):

• Kernel: Linux
• OS: Fedora
• lsof Version: 4.99.6
• Origin: installed by package manager

Additional context
The issue is caused by the /proc/<pid>/stat parsing code that tries to be overly smart and match brackets instead of just looking for the last closing round bracket:

lsof/lib/dialects/linux/dproc.c

Lines 1729 to 1738 in 1c3d6b4

	if (ch == ')') {
	/*
	* Balance parentheses when a closure is encountered. When
	* they are balanced, this is the end of the command.
	*/
	pc--;
	if (!pc)
	break;
	}

Related links

• oos-sec message reporting parsing bugs on /proc/<pid>/stat -- https://seclists.org/oss-sec/2022/q4/209
• Debian bug for comm in /proc/<pid>/stat -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024811
• sudo bug in parsing /proc/<pid>/stat -- https://www.openwall.com/lists/oss-security/2017/05/30/16

[jiegec]

Fix pushed, please test.