Don't clobber user space argv0 memory on shell exec, mainly for vfork()
Fix another bug: if argv[0] is NULL, garbadge args might be added for shell script Submitted by: Tor Egge <Tor.Egge@idi.ntnu.no> (with yet one fault detect from me)
This commit is contained in:
Andrey A. Chernov
parent
a68c4b561f
commit
5cf3d12ca5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=25115
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
* $Id: imgact_shell.c,v 1.14 1997/02/22 09:38:57 peter Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -126,8 +126,7 @@ exec_shell_imgact(imgp)
|
||||
}
|
||||
}
|
||||
|
||||
/* set argv[0] to point to original file name */
|
||||
suword(imgp->uap->argv, (int)imgp->uap->fname);
|
||||
imgp->argv0 = imgp->uap->fname;
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: kern_exec.c,v 1.61 1997/04/13 03:05:31 dyson Exp $
|
||||
* $Id: kern_exec.c,v 1.62 1997/04/18 02:43:05 davidg Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -118,6 +118,7 @@ execve(p, uap, retval)
|
||||
imgp->attr = &attr;
|
||||
imgp->image_header = NULL;
|
||||
imgp->argc = imgp->envc = 0;
|
||||
imgp->argv0 = NULL;
|
||||
imgp->entry_addr = 0;
|
||||
imgp->vmspace_destroyed = 0;
|
||||
imgp->interpreted = 0;
|
||||
@ -435,20 +436,29 @@ exec_extract_strings(imgp)
|
||||
argv = imgp->uap->argv;
|
||||
|
||||
if (argv) {
|
||||
while ((argp = (caddr_t) fuword(argv++))) {
|
||||
if (argp == (caddr_t) -1)
|
||||
return (EFAULT);
|
||||
if ((error = copyinstr(argp, imgp->stringp,
|
||||
imgp->stringspace, &length))) {
|
||||
if (error == ENAMETOOLONG)
|
||||
return(E2BIG);
|
||||
return (error);
|
||||
}
|
||||
imgp->stringspace -= length;
|
||||
imgp->stringp += length;
|
||||
imgp->argc++;
|
||||
argp = (caddr_t) fuword(argv);
|
||||
if (argp == (caddr_t) -1)
|
||||
return (EFAULT);
|
||||
if (argp)
|
||||
argv++;
|
||||
if (imgp->argv0)
|
||||
argp = imgp->argv0;
|
||||
if (argp) {
|
||||
do {
|
||||
if (argp == (caddr_t) -1)
|
||||
return (EFAULT);
|
||||
if ((error = copyinstr(argp, imgp->stringp,
|
||||
imgp->stringspace, &length))) {
|
||||
if (error == ENAMETOOLONG)
|
||||
return(E2BIG);
|
||||
return (error);
|
||||
}
|
||||
imgp->stringspace -= length;
|
||||
imgp->stringp += length;
|
||||
imgp->argc++;
|
||||
} while ((argp = (caddr_t) fuword(argv++)));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* extract environment strings
|
||||
|
||||
Loading…
Reference in New Issue
Block a user