[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential buffer under-run in shell_execve()

From: Chet Ramey
Subject: Re: Potential buffer under-run in shell_execve()
Date: Tue, 16 Aug 2016 10:15:09 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 8/13/16 10:01 PM, John E. Malmberg wrote:
> Hello,
> In Bash 4.3.42:
> In execute_cmd/shell_execve(), if HAVE_BASH_BANG_EXEC is defined, the macro
> READ_SAMPLE_BUF has the potential to set sample_len to -1.
> #if defined (HAVE_HASH_BANG_EXEC)
>           READ_SAMPLE_BUF (command, sample, sample_len);
>           sample[sample_len - 1] = '\0';
> This would cause sample[-2] to be set to 0.  Most likely it would set part
> of fd to 0, but all that depends on the compiler.

Thanks for the report.  Since this code path is taken on failure, and the
child process exits immediately afterward, it's likely not dangerous.


``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]