author | ache <ache@FreeBSD.org> | 1997-04-23 22:07:05 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 1997-04-23 22:07:05 +0000 |
commit | 2f86c7eb1586742428169502d63e646612344f7b (patch) | |
tree | 424aa0640ed70445b9b61c5bd200b1891743c84c | |
parent | 4edae968dd14744515571f59dceb4ce3c9a81d40 (diff) | |
Don't clobber user space argv0 memory on shell exec, mainly for vfork()
Fix another bug: if argv[0] is NULL, garbage args might be added for
shell script
Submitted by: Tor Egge <Tor.Egge@idi.ntnu.no> (with yet one fault detect from me)
-rw-r--r-- | sys/kern/imgact_shell.c | 5 | ||||
-rw-r--r-- | sys/kern/kern_exec.c | 38 |
2 files changed, 26 insertions, 17 deletions
diff --git a/sys/kern/imgact_shell.c b/sys/kern/imgact_shell.c
index fb03011..526aac7 100644
--- a/sys/kern/imgact_shell.c
+++ b/sys/kern/imgact_shell.c
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id$
+ * $Id: imgact_shell.c,v 1.14 1997/02/22 09:38:57 peter Exp $
 */
 
 #include <sys/param.h>
@@ -126,8 +126,7 @@ exec_shell_imgact(imgp)
 }
 }
 
- /* set argv[0] to point to original file name */
- suword(imgp->uap->argv, (int)imgp->uap->fname);
+ imgp->argv0 = imgp->uap->fname;
 
 return(0);
 }
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index e1fcc0c..4c7f331 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $Id: kern_exec.c,v 1.61 1997/04/13 03:05:31 dyson Exp $
+ * $Id: kern_exec.c,v 1.62 1997/04/18 02:43:05 davidg Exp $
 */
 
 #include <sys/param.h>
@@ -118,6 +118,7 @@ execve(p, uap, retval)
 imgp->attr = &attr;
 imgp->image_header = NULL;
 imgp->argc = imgp->envc = 0;
+ imgp->argv0 = NULL;
 imgp->entry_addr = 0;
 imgp->vmspace_destroyed = 0;
 imgp->interpreted = 0;
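Review bot: The new assignment `imgp->argv0 = imgp->uap->fname;` in the exec_shell_imgact hunk (@@ -126) replaces the only comment on that step and stores a user-space address in a kernel structure without saying so. I would put `/* user-space pointer to the script path; exec_extract_strings() copies it in as argv[0] */` above it, so that nobody later dereferences the field directly instead of going through copyinstr(). Because the string is read from user memory again at that later point, the name handed to the interpreter is whatever is stored there then, which may differ from the path that was looked up if the caller's memory is shared (the lookup itself is outside this diff). The function body starts before the hunk.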
@@ -435,20 +436,29 @@ exec_extract_strings(imgp)
 argv = imgp->uap->argv;
 
 if (argv) {
- while ((argp = (caddr_t) fuword(argv++))) {
- if (argp == (caddr_t) -1)
- return (EFAULT);
- if ((error = copyinstr(argp, imgp->stringp,
- imgp->stringspace, &length))) {
- if (error == ENAMETOOLONG)
- return(E2BIG);
- return (error);
- }
- imgp->stringspace -= length;
- imgp->stringp += length;
- imgp->argc++;
+ argp = (caddr_t) fuword(argv);
+ if (argp == (caddr_t) -1)
+ return (EFAULT);
+ if (argp)
+ argv++;
+ if (imgp->argv0)
+ argp = imgp->argv0;
+ if (argp) {
+ do {
+ if (argp == (caddr_t) -1)
+ return (EFAULT);
+ if ((error = copyinstr(argp, imgp->stringp,
+ imgp->stringspace, &length))) {
+ if (error == ENAMETOOLONG)
+ return(E2BIG);
+ return (error);
+ }
+ imgp->stringspace -= length;
+ imgp->stringp += length;
+ imgp->argc++;
+ } while ((argp = (caddr_t) fuword(argv++)));
 }
- }
+ }
 
 /*
 * extract environment strings |
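Review bot: When argv[0] is NULL and imgp->argv0 is set, argv is not advanced, so the loop condition `fuword(argv++)` fetches the argv[0] slot from user memory a second time and the loop ends only if that word still reads NULL. With a shared address space (the vfork() case named in the commit message) the word can change between the two fetches, and further strings would then be appended after the script name; the copies stay bounded by stringspace, so this is a consistency problem rather than a memory-safety one. Remembering the first result in a local and writing the condition as `} while (have_args && (argp = (caddr_t) fuword(argv++)));` removes the dependence on the re-read. The block also deserves a comment on its three cases, for example `/* fetch argv[0] once; skip it only if present; an interpreter-supplied imgp->argv0 replaces it */`. exec_extract_strings continues past the end of the hunk.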