path: root/posix/execvpe.c
Commit message | Author | Age | Files | Lines
* Update copyright dates with scripts/update-copyrights. | Joseph Myers | 2017-01-01 | 1 | -1/+1
* Fix writes past the allocated array bounds in execvpe (BZ#20847) | Adhemerval Zanella | 2016-12-07 | 1 | -7/+12

  Commit 6c9e1be87a37bf wrongly fixes BZ#20847 by leaving the else branch on maybe_script_execute still able to make an invalid write on the stack allocated buffer. It happens if execvp{e} is executed with an empty argument list ({ NULL }) and, although the manual states the first argument should be the script name itself, by convention, the old and current implementations allow it.

  This patch fixes the issue by just accounting for the arguments and not the final 'NULL' (since the 'argv + 1' will indeed ignore the script name). The empty argument list is handled in a special case with a minimum allocated size. The patch also adds extra tests for such a case in tst-vfork3.

  Tested on x86_64.

  [BZ #20847]
  * posix/execvpe.c (maybe_script_execute): Remove write past allocated array bounds for else branch.
    (__execvpe): Style fixes.
  * posix/tst-vfork3.c (run_script): New function.
    (create_script): Likewise.
    (do_test): Use run_script internal function.
    (do_prepare): Use create_script internal function.

* Fix writes past the allocated array bounds in execvpe (BZ#20847) | Adhemerval Zanella | 2016-11-22 | 1 | -5/+10

  This patch fixes an invalid write out of stack allocated buffer in 2 places in the execvpe implementation:

  1. On the 'maybe_script_execute' function, where it allocates the new argument list and does not account that a minimum of argc plus 3 elements (default shell path, script name, arguments, and ending null pointer) should be considered. The straightforward fix is just to take account of the correct list size on argument copy.

  2. On '__execvpe', where the executable file name length may not account for the ending '\0' and thus subsequent path creation may write past array bounds because it requires adding the terminating null. The fix is to change how the executable name size is calculated to add the final '\0' and adjust the rest of the code accordingly.

  As described in GCC bug report 78433 [1], these issues were masked off by GCC because it allocated several bytes more than necessary so that many off-by-one bugs went unnoticed.

  Checked on x86_64 with a latest GCC (7.0.0 20161121) with -O3 on CFLAGS.

  [BZ #20847]
  * posix/execvpe.c (maybe_script_execute): Remove write past allocated array bounds.
    (__execvpe): Likewise.

  [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78433

* posix: execvpe cleanup | Adhemerval Zanella | 2016-03-07 | 1 | -147/+108

  This patch removes all the dynamic allocation in the execvpe code and instead uses direct stack allocation. This is a QoI approach to make it possible to use in scenarios where memory is shared with the parent (vfork or clone with CLONE_VM).

  For default process spawn (script file without a shebang), stack allocation is bounded by NAME_MAX plus PATH_MAX plus 1. Large file arguments return an error (ENAMETOOLONG). This differs from current GLIBC practice in general, but it is used to limit stack allocation for large inputs. Also, paths in the PATH environment variable larger than PATH_MAX are ignored.

  The shell direct execution exception, where execve returns ENOEXEC, might require a large stack allocation due to a large input argument list.

  Tested on i686, x86_64, powerpc64le, and aarch64.

  * posix/execvpe.c (__execvpe): Remove dynamic allocation.
  * posix/Makefile (tests): Add tst-execvpe{1,2,3,4,5,6}.
  * posix/tst-execvp1.c (do_test): Use a macro to call execvp.
  * posix/tst-execvp2.c (do_test): Likewise.
  * posix/tst-execvp3.c (do_test): Likewise.
  * posix/tst-execvp4.c (do_test): Likewise.
  * posix/tst-execvpe1.c: New file.
  * posix/tst-execvpe2.c: Likewise.
  * posix/tst-execvpe3.c: Likewise.
  * posix/tst-execvpe4.c: Likewise.
  * posix/tst-execvpe5.c: Likewise.
  * posix/tst-execvpe6.c: Likewise.

* Update copyright dates with scripts/update-copyrights. | Joseph Myers | 2016-01-04 | 1 | -1/+1
* Convert 24 more function definitions to prototype style (array parameters). | Joseph Myers | 2015-10-20 | 1 | -4/+1

  This automatically-generated patch converts 24 function definitions in glibc from old-style K&R to prototype-style. Following my other recent such patches, this one deals with the case of functions with array parameters.

  Tested for x86_64 and x86 (testsuite, and that installed stripped shared libraries are unchanged by the patch).

  * crypt/cert.c (main): Convert to prototype-style function definition.
  * io/pipe.c (__pipe): Likewise.
  * io/pipe2.c (__pipe2): Likewise.
  * misc/futimesat.c (futimesat): Likewise.
  * misc/utimes.c (__utimes): Likewise.
  * posix/execve.c (__execve): Likewise.
  * posix/execvp.c (execvp): Likewise.
  * posix/execvpe.c (__execvpe): Likewise.
  * posix/fexecve.c (fexecve): Likewise.
  * socket/socketpair.c (socketpair): Likewise.
  * stdlib/drand48-iter.c (__drand48_iterate): Likewise.
  * stdlib/erand48.c (erand48): Likewise.
  * stdlib/erand48_r.c (__erand48_r): Likewise.
  * stdlib/jrand48.c (jrand48): Likewise.
  * stdlib/jrand48_r.c (__jrand48_r): Likewise.
  * stdlib/lcong48.c (lcong48): Likewise.
  * stdlib/lcong48_r.c (__lcong48_r): Likewise.
  * stdlib/nrand48.c (nrand48): Likewise.
  * stdlib/nrand48_r.c (__nrand48_r): Likewise.
  * stdlib/seed48.c (seed48): Likewise.
  * stdlib/seed48_r.c (__seed48_r): Likewise.
  * sysdeps/mach/hurd/execve.c (__execve): Likewise.
  * sysdeps/mach/hurd/utimes.c (__utimes): Likewise.
  * sysdeps/unix/sysv/linux/fexecve.c (fexecve): Likewise.

* Update copyright dates with scripts/update-copyrights. | Joseph Myers | 2015-01-02 | 1 | -1/+1
* Update copyright notices with scripts/update-copyrights | Allan McRae | 2014-01-01 | 1 | -1/+1
* Update copyright notices with scripts/update-copyrights. | Joseph Myers | 2013-01-02 | 1 | -2/+1
* Replace FSF snail mail address with URLs. | Paul Eggert | 2012-02-09 | 1 | -3/+2
* Implement execvpe. | Ulrich Drepper | 2009-06-02 | 1 | -0/+221

  There is some existing practice in other OSes and it's trivial to implement given the existing code. Fixes BZ #10221.