From 2f86c7eb1586742428169502d63e646612344f7b Mon Sep 17 00:00:00 2001 From: ache Date: Wed, 23 Apr 1997 22:07:05 +0000 Subject: Don't clobber user space argv0 memory on shell exec, mainly for vfork() Fix another bug: if argv[0] is NULL, garbadge args might be added for shell script Submitted by: Tor Egge (with yet one fault detect from me) --- sys/kern/imgact_shell.c | 5 ++--- sys/kern/kern_exec.c | 38 ++++++++++++++++++++++++-------------- 2 files changed, 26 insertions(+), 17 deletions(-) (limited to 'sys') diff --git a/sys/kern/imgact_shell.c b/sys/kern/imgact_shell.c index fb03011..526aac7 100644 --- a/sys/kern/imgact_shell.c +++ b/sys/kern/imgact_shell.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id$ + * $Id: imgact_shell.c,v 1.14 1997/02/22 09:38:57 peter Exp $ */ #include @@ -126,8 +126,7 @@ exec_shell_imgact(imgp) } } - /* set argv[0] to point to original file name */ - suword(imgp->uap->argv, (int)imgp->uap->fname); + imgp->argv0 = imgp->uap->fname; return(0); } diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index e1fcc0c..4c7f331 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: kern_exec.c,v 1.61 1997/04/13 03:05:31 dyson Exp $ + * $Id: kern_exec.c,v 1.62 1997/04/18 02:43:05 davidg Exp $ */ #include @@ -118,6 +118,7 @@ execve(p, uap, retval) imgp->attr = &attr; imgp->image_header = NULL; imgp->argc = imgp->envc = 0; + imgp->argv0 = NULL; imgp->entry_addr = 0; imgp->vmspace_destroyed = 0; imgp->interpreted = 0; 
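Review bot: `imgp->argv0 = imgp->uap->fname;` stores a raw user-space pointer in the image params without saying so, and the field name alone reads like a kernel-resident string; a comment such as `/* user address of the script path; exec_extract_strings() copyinstr()s it in place of the caller's argv[0] rather than writing it back to user memory */` would document both the address space of the pointer and why the suword() went away. Because the pointer is now consumed by copyinstr() downstream, a fault on the caller's fname buffer is reported from exec_extract_strings() instead of being silently ignored as the unchecked `suword(...)` return was here, which is worth recording in that comment. The rest of exec_shell_imgact(), including where the interpreter name is placed in the string space, begins outside this hunk, so I cannot confirm how argv0 is ordered relative to it.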
@@ -435,20 +436,29 @@ exec_extract_strings(imgp) argv = imgp->uap->argv; if (argv) { - while ((argp = (caddr_t) fuword(argv++))) { - if (argp == (caddr_t) -1) - return (EFAULT); - if ((error = copyinstr(argp, imgp->stringp, - imgp->stringspace, &length))) { - if (error == ENAMETOOLONG) - return(E2BIG); - return (error); - } - imgp->stringspace -= length; - imgp->stringp += length; - imgp->argc++; + argp = (caddr_t) fuword(argv); + if (argp == (caddr_t) -1) + return (EFAULT); + if (argp) + argv++; + if (imgp->argv0) + argp = imgp->argv0; + if (argp) { + do { + if (argp == (caddr_t) -1) + return (EFAULT); + if ((error = copyinstr(argp, imgp->stringp, + imgp->stringspace, &length))) { + if (error == ENAMETOOLONG) + return(E2BIG); + return (error); + } + imgp->stringspace -= length; + imgp->stringp += length; + imgp->argc++; + } while ((argp = (caddr_t) fuword(argv++))); } - } + } /* * extract environment strings -- cgit v1.1
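Review bot: The argv0 substitution is only reached inside the pre-existing `if (argv) {` guard, so a caller that passes a NULL argv for an interpreted script never gets `imgp->argv0` copied and `argc` stays 0; if the shell activator depends on this path to hand the script name to the interpreter, the `if (imgp->argv0)` branch has to run even when `argv` is NULL (the activator's side is outside this hunk, so there may be a check there I cannot see). The new flow is subtle enough to deserve a comment above `argp = (caddr_t) fuword(argv);`: user argv[0] is fetched only to decide whether to advance `argv`, the activator's `imgp->argv0` then replaces it in the kernel copy instead of being written back with suword(), and a NULL argv[0] deliberately leaves `argv` unadvanced so the trailing `fuword(argv++)` re-reads it and terminates the loop. The `if (argp == (caddr_t) -1)` at the top of the `do` is redundant on the first pass and exists for values produced by the `while` condition; a one-liner such as `/* -1 can only come from the fuword() in the loop condition */` would make that explicit. Since `imgp->argv0` is `imgp->uap->fname`, a user address, `copyinstr` is the right primitive, but it means the name reaches argv[0] by being re-read from the caller's memory here rather than from any copy the kernel made earlier in exec, which is worth noting if such a copy exists.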