[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #48919] exec server can attempt null pointer dereference

From: Brent Baccala
Subject: [bug #48919] exec server can attempt null pointer dereference
Date: Sat, 27 Aug 2016 05:09:23 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0


                 Summary: exec server can attempt null pointer dereference
                 Project: The GNU Hurd
            Submitted by: baccala
            Submitted on: Sat 27 Aug 2016 05:09:21 AM GMT
                Category: Hurd Servers
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
         Reproducibility: Every Time
              Size (loc): None
         Planned Release: None
                  Effort: 0.00
Wiki-like text discussion box: 



The exec server can be made to dereference a NULL pointer when exec'ing a
shell script

Reproducing this bug requires a fresh instantiation of the exec server, and
since ext2fs caches its port to the exec server, that means a fresh
instantiation of ext2fs, too.

touch exec ramdisk mnt
settrans --active ramdisk /hurd/storeio -T copy zero:32M
mkfs.ext2 -F -b 4096 ramdisk
settrans --active exec /hurd/exec
remap /servers/exec $PWD/exec
...now in the remap shell...
settrans --active mnt /hurd/ext2fs ramdisk
cp /bin/which mnt

The problem is around lines 108-126 of hashexec.c.  If exec_setexecdata is
never called, then this code is reached with std_ports NULL.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]