[PATCH] progname: don't segfault when argv is NULL

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] progname: don't segfault when argv is NULL

From:	Jim Meyering
Subject:	[PATCH] progname: don't segfault when argv is NULL
Date:	Fri, 04 Dec 2009 14:34:19 +0100

Hi Bruno,

Ok to apply the patch below?
Without it, anyone can make nearly any coreutils program segfault
with this simple recipe:

    printf '%s\n' '#include <unistd.h>' 'int main(int c, char**v)' \
    '{ execve (v[1], 0, 0); }' > k.c && gcc k.c && ./a.out /bin/cat

While that usage of execve is in violation of POSIX,
nothing prevents a set_program_name caller from calling
the function with a NULL argument.  Hence, we should handle it.

As for why I chose to use an empty string, ...
That will make it obvious that something is going wrong,
and cannot be confused with a legitimate program name.

For reference, perl uses the empty string, too:

    $ printf 'print ":$ARGV[0]:\n"' |./a.out /usr/bin/perl
    ::


>From 761448cef4c36ec0551eeaa39fb65a87c0ba39ae Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Fri, 4 Dec 2009 14:28:25 +0100
Subject: [PATCH] progname: don't segfault when argv is NULL

* lib/progname.c (set_program_name): Don't let an abusive or
erroneous caller induce a NULL dereference.  Handle a NULL argument.
---
 ChangeLog      |    6 ++++++
 lib/progname.c |    3 +++
 2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index da260c1..30353ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-12-04  Jim Meyering  <address@hidden>
+
+       progname: don't segfault when argv is NULL
+       * lib/progname.c (set_program_name): Don't let an abusive or
+       erroneous caller induce a NULL dereference.  Handle a NULL argument.
+
 2009-12-03  Paolo Bonzini  <address@hidden>

        exclude: Fix header file problems.
diff --git a/lib/progname.c b/lib/progname.c
index bfa374a..d847d1e 100644
--- a/lib/progname.c
+++ b/lib/progname.c
@@ -42,6 +42,9 @@ set_program_name (const char *argv0)
   const char *slash;
   const char *base;

+  if (argv0 == NULL)
+    argv0 = "";
+
   slash = strrchr (argv0, '/');
   base = (slash != NULL ? slash + 1 : argv0);
   if (base - argv0 >= 7 && strncmp (base - 7, "/.libs/", 7) == 0)
--
1.6.6.rc1.280.ge45b

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] progname: don't segfault when argv is NULL, Jim Meyering <=
- Re: [PATCH] progname: don't segfault when argv is NULL, Bruno Haible, 2009/12/04
  - Re: [PATCH] progname: don't segfault when argv is NULL, Pádraig Brady, 2009/12/04
  - Re: [PATCH] progname: don't segfault when argv is NULL, Eric Blake, 2009/12/04
    - Re: [PATCH] progname: don't segfault when argv is NULL, Bruno Haible, 2009/12/04
  - Re: [PATCH] progname: don't segfault when argv is NULL, Jim Meyering, 2009/12/05
    - Re: [PATCH] progname: don't segfault when argv is NULL, Bruno Haible, 2009/12/05
    - Re: [PATCH] progname: don't segfault when argv is NULL, Eric Blake, 2009/12/05
    - Re: [PATCH] progname: don't segfault when argv is NULL, Bruno Haible, 2009/12/05
    - Re: [PATCH] progname: don't segfault when argv is NULL, Jim Meyering, 2009/12/06
    - __nonnull__ declarations, Bruno Haible, 2009/12/06

Prev by Date: Re: [PATCH] Add missing dependency to gnulib
Next by Date: Re: Problem with id when mgetgroups returns no groups.
Previous by thread: [PATCH] Add missing dependency to gnulib
Next by thread: Re: [PATCH] progname: don't segfault when argv is NULL
Index(es):
- Date
- Thread