DragonFly BSD
DragonFly bugs List (threaded) for 2005-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Looks like split of execve(2) syscall created bugs

From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 29 Jan 2005 12:49:09 -0800 (PST)

:>     You'll have to be more specific about case (2).  What in the codebase
:>     are you refering to, file and line ?
:Trunk as of several hours ago, sys/kern/kern_exec.c function 
:exec_copyin_args() around line 700. The code there fetches pointer to 
:argv[0] from userspace, checks if it's NULL and puts first argument 
:instead of it. Then it increases userspace pointer by one and fetches 
:the next pointer *unconditionally*, so that in the case when argv[0] is 
:NULL you may get some invalid (e.g. junk but non-NULL pointer) and get 
:EFAULT for no reason. The same code ignores argv being NULL - see my 
:follow-up. FreeBSD code in this case explicitly returns EFAULT.

    That looks pretty straightforward.  The code has changed very little
    from FreeBSD.  I'll do the first part of the cleanup but for the moment
    I think we should leave the argv[0] NULL check in the common code rather
    then just having it in the script code.

					Matthew Dillon 

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]