authorache <ache@FreeBSD.org>1997-04-23 22:07:05 +0000
committerache <ache@FreeBSD.org>1997-04-23 22:07:05 +0000
commit2f86c7eb1586742428169502d63e646612344f7b (patch)
tree424aa0640ed70445b9b61c5bd200b1891743c84c
parent4edae968dd14744515571f59dceb4ce3c9a81d40 (diff)
Don't clobber user space argv0 memory on shell exec, mainly for vfork()
Fix another bug: if argv[0] is NULL, garbage args might be added for shell script Submitted by: Tor Egge <Tor.Egge@idi.ntnu.no> (with yet one fault detect from me)
-rw-r--r--sys/kern/imgact_shell.c5
-rw-r--r--sys/kern/kern_exec.c38
2 files changed, 26 insertions, 17 deletions
diff --git a/sys/kern/imgact_shell.c b/sys/kern/imgact_shell.c
index fb03011..526aac7 100644
--- a/sys/kern/imgact_shell.c
+++ b/sys/kern/imgact_shell.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id$
+ * $Id: imgact_shell.c,v 1.14 1997/02/22 09:38:57 peter Exp $
*/
#include <sys/param.h>
@@ -126,8 +126,7 @@ exec_shell_imgact(imgp)
}
}
- /* set argv[0] to point to original file name */
- suword(imgp->uap->argv, (int)imgp->uap->fname);
+ imgp->argv0 = imgp->uap->fname;
return(0);
}
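Review bot: The new assignment `imgp->argv0 = imgp->uap->fname;` near the end of exec_shell_imgact has no comment, while the line it replaces had one, so the contract of the new field is not stated anywhere in the hunk. From the kern_exec.c side of this commit the value is handed to copyinstr(), so it appears to be a user-space address that must never be dereferenced directly in the kernel. I would put `/* argv0 is a user-space address; exec_extract_strings() copies it in with copyinstr() instead of storing it into the caller's argv[0] */` above the assignment, so a later image activator does not store a kernel pointer there. The function starts outside this hunk.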
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index e1fcc0c..4c7f331 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: kern_exec.c,v 1.61 1997/04/13 03:05:31 dyson Exp $
+ * $Id: kern_exec.c,v 1.62 1997/04/18 02:43:05 davidg Exp $
*/
#include <sys/param.h>
@@ -118,6 +118,7 @@ execve(p, uap, retval)
imgp->attr = &attr;
imgp->image_header = NULL;
imgp->argc = imgp->envc = 0;
+ imgp->argv0 = NULL;
imgp->entry_addr = 0;
imgp->vmspace_destroyed = 0;
imgp->interpreted = 0;
@@ -435,20 +436,29 @@ exec_extract_strings(imgp)
argv = imgp->uap->argv;
if (argv) {
- while ((argp = (caddr_t) fuword(argv++))) {
- if (argp == (caddr_t) -1)
- return (EFAULT);
- if ((error = copyinstr(argp, imgp->stringp,
- imgp->stringspace, &length))) {
- if (error == ENAMETOOLONG)
- return(E2BIG);
- return (error);
- }
- imgp->stringspace -= length;
- imgp->stringp += length;
- imgp->argc++;
+ argp = (caddr_t) fuword(argv);
+ if (argp == (caddr_t) -1)
+ return (EFAULT);
+ if (argp)
+ argv++;
+ if (imgp->argv0)
+ argp = imgp->argv0;
+ if (argp) {
+ do {
+ if (argp == (caddr_t) -1)
+ return (EFAULT);
+ if ((error = copyinstr(argp, imgp->stringp,
+ imgp->stringspace, &length))) {
+ if (error == ENAMETOOLONG)
+ return(E2BIG);
+ return (error);
+ }
+ imgp->stringspace -= length;
+ imgp->stringp += length;
+ imgp->argc++;
+ } while ((argp = (caddr_t) fuword(argv++)));
}
- }
+ }
/*
* extract environment strings
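Review bot: The script name stored in `imgp->argv0` is only copied when `imgp->uap->argv` is non-NULL, because the new `if (imgp->argv0) argp = imgp->argv0;` sits inside `if (argv) {`. An exec of a shell script with a NULL argv pointer would then presumably start the interpreter without the script path, which is the same kind of malformed argument list the commit message sets out to fix for a NULL argv[0]. Moving the argv0 override and the copy loop out of the `if (argv)` guard, and calling fuword() only when argv is set, covers both cases; the copy body itself stays as it is. exec_extract_strings begins and ends outside this hunk, so how the interpreter arguments are laid out before this point is inferred from the commit message rather than seen.

```c
	argv = imgp->uap->argv;
	argp = NULL;
	if (argv) {
		argp = (caddr_t) fuword(argv);
		if (argp == (caddr_t) -1)
			return (EFAULT);
		if (argp)
			argv++;
	}
	/* the script name replaces argv[0] even when the caller passed no argv */
	if (imgp->argv0)
		argp = imgp->argv0;
	while (argp) {
		/* … unchanged: EFAULT check, copyinstr, stringspace/stringp/argc bookkeeping … */
		argp = argv ? (caddr_t) fuword(argv++) : NULL;
	}
```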