Potential buffer under-run in shell_execve()

From: John E. Malmberg
Subject: Potential buffer under-run in shell_execve()
Date: Sat, 13 Aug 2016 21:01:01 -0500
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0


In Bash 4.3.42:

In execute_cmd/shell_execve(), if HAVE_HASH_BANG_EXEC is defined, the macro READ_SAMPLE_BUF has the potential to set sample_len to -1.

#if defined (HAVE_HASH_BANG_EXEC)
          READ_SAMPLE_BUF (command, sample, sample_len);
          sample[sample_len - 1] = '\0';

This would cause sample[-2] to be set to 0. Most likely it would set part of fd to 0, but all that depends on the compiler.

Since fd is not in use at this point, the under-run would not be noticed.
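
The pattern described in the post, as an added example that is not part of the original message and is not Bash's own code: a sampling step that can return -1, the index an unconditional terminator write would then hit, and a checked form that only writes when at least one byte was read. The names read_sample, terminator_index, sample_checked, fd_with_text, demo_buf and SAMPLE_CAP, and the path /nonexistent/cmd, are hypothetical.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SAMPLE_CAP 80          /* assumed sample size for this example */
char demo_buf[SAMPLE_CAP];

/* Hypothetical stand-in for the sampling step: bytes read, or -1 when
   the file could not be opened (fd < 0) or read() fails. */
static ssize_t read_sample(int fd, char *buf, size_t cap)
{
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Index an unconditional sample[sample_len - 1] = '\0' would write to. */
long terminator_index(ssize_t sample_len) { return (long)sample_len - 1; }

/* Checked form: terminate only when at least one byte was read. */
ssize_t sample_checked(int fd, char *sample, size_t cap)
{
    ssize_t n = read_sample(fd, sample, cap);
    if (n > 0)
        sample[n - 1] = '\0';  /* same last-byte overwrite as the quoted line */
    else if (cap > 0)
        sample[0] = '\0';      /* failed or empty read: empty string */
    return n;
}

/* Constructed input: a pipe holding the text s, returned as a read fd. */
int fd_with_text(const char *s)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    ssize_t w = write(p[1], s, strlen(s));
    close(p[1]);
    if (w < 0) { close(p[0]); return -1; }
    return p[0];
}

int main(void)
{
    ssize_t n = sample_checked(open("/nonexistent/cmd", O_RDONLY), demo_buf, SAMPLE_CAP);
    return (n == -1 && demo_buf[0] == '\0') ? 0 : 1;
}
```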

