bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #48919] exec server can attempt null pointer dereference


From: Brent Baccala
Subject: [bug #48919] exec server can attempt null pointer dereference
Date: Sat, 27 Aug 2016 05:09:23 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0

URL:
  <http://savannah.gnu.org/bugs/?48919>

                 Summary: exec server can attempt null pointer dereference
                 Project: The GNU Hurd
            Submitted by: baccala
            Submitted on: Sat 27 Aug 2016 05:09:21 AM GMT
                Category: Hurd Servers
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
         Reproducibility: Every Time
              Size (loc): None
         Planned Release: None
                  Effort: 0.00
Wiki-like text discussion box: 

    _______________________________________________________

Details:

The exec server can be made to dereference a NULL pointer when exec'ing a
shell script

Reproducing this bug requires a fresh instantiation of the exec server, and
since ext2fs caches its port to the exec server, that means a fresh
instantiation of ext2fs, too.


touch exec ramdisk mnt
settrans --active ramdisk /hurd/storeio -T copy zero:32M
mkfs.ext2 -F -b 4096 ramdisk
settrans --active exec /hurd/exec
remap /servers/exec $PWD/exec
...now in the remap shell...
settrans --active mnt /hurd/ext2fs ramdisk
cp /bin/which mnt
./mnt/which


The problem is around lines 108-126 of hashexec.c.  If exec_setexecdata is
never called, then this code is reached with std_ports NULL.






    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?48919>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]