bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash 2.05 'unsigned char' cleanup


From: Brian J. Fox
Subject: Re: Bash 2.05 'unsigned char' cleanup
Date: Mon, 07 May 2001 21:20:54 -0700

   Date: Mon, 7 May 2001 16:30:13 -0700 (PDT)
   From: Paul Eggert <eggert@twinsun.com>

   > From: "Brian J. Fox" <bfox@ua.com>
   > Date: Mon, 07 May 2001 14:03:00 -0700
   > 
   > I don't see the overrun code.  Perhaps you could explain it to me?

   Sure.  Here's the scenario (all done by code inspection):

   shell_execve is invoked on a non-directory file where execve fails
   with errno==ENOEXEC because we are running on a losing operating
   system where HAVE_HASH_BANG_EXEC is not defined.  shell_execve then
   reads the first 80 bytes of the file (which are '#', '!', and 78
   spaces) into an internal buffer, and invokes execute_shell_script.
   execute_shell_script contains the following code:

     /* Find the name of the interpreter to exec. */
     for (i = 2; whitespace (sample[i]) && i < sample_len; i++)
       ;

Ah.

   The simplest fix is to add one byte to 'sample' and to initialize it
   to zero, which is what my proposed patch does.  Once you do this, the
   code gets a bit simpler anyway.

Gee, I would think that the simplest fix would be to check the length
first:
     /* Find the name of the interpreter to exec. */
     for (i = 2; (i < sample_len) && whitespace (sample[i]); i++);

then fix the WHITECHAR and STRINGCHAR macros to check for
out-of-bounds *first*, which they should have done anyway:

#  define WHITECHAR(ind) \
    (ind < sample_len && whitespace (sample[ind]) && sample[ind] != '\n')

#  define STRINGCHAR(ind) \
    (ind < sample_len && !whitespace (sample[ind]) && sample[ind] != '\n')


Or not?

Brian
== The Difference Between Cultures: ==
    Einigkeit und Recht und Freiheit
    Liberte', E'galite', Fraternite'
    Sex, drugs and rock'n'roll



reply via email to

[Prev in Thread] Current Thread [Next in Thread]