Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 2 Jun 2001 05:28:41 -0700 (PDT)
From:      jyliu@163.net
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/27835: execve() doesn't conform to execve(2) spec in syscall manual
Message-ID:  <200106021228.f52CSfn65138@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 


>Number:         27835
>Category:       kern
>Synopsis:       execve() doesn't conform to execve(2) spec in syscall manual
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 02 05:30:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Jiangyi Liu
>Release:        4.3-STABLE
>Organization:
>Environment:
FreeBSD fatcow.home 4.3-STABLE FreeBSD 4.3-STABLE #2: Sat Jun  2 19:59:52 CST 2001     jyliu@fatcow.home:/usr/src/sys/compile/FATCOW  i386

>Description:
According to execve(2), the argument argv is a pointer to a 
null-terminated array of character pointers to null-terminated 
character strings and at least one argument must be presented 
in the array.
But execve("/bin/sh", NULL, NULL) runs without any error. 
Maybe it's harmless, but it doesn't conform to the syscall spec 
and it may tempt people to write non-portable code.
>How-To-Repeat:
Run the following code. Notice it runs without the expected error, EINVAL.
#include <unistd.h>

int main()
{
	if(execve("/bin/sh", NULL, NULL) < 0)
		perror("execve");
}
>Fix:
Following is an attampt to fix this problem. The part of ERRORS
in execve(2) manual need to be updated for a new entry, EINVAL.

---begins here---
--- kern_exec.c.orig    Sat Jun  2 12:32:29 2001
+++ kern_exec.c Sat Jun  2 19:58:48 2001
@@ -548,7 +548,13 @@
                                imgp->argc++;
                        } while ((argp = (caddr_t) (intptr_t) fuword(argv++)));
                }
-       }       
+       }
+
+    /*
+     * at least one argument must be presented in argv
+     */
+    if (!imgp->argc)
+        return (EINVAL);
 
        imgp->endargs = imgp->stringp;
---ends here---

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106021228.f52CSfn65138>