From owner-freebsd-bugs Sat Jun 2 5:30: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 767AF37B424
	for ; Sat, 2 Jun 2001 05:30:02 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f52CU2M65196;
	Sat, 2 Jun 2001 05:30:02 -0700 (PDT)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C26B037B422
	for ; Sat, 2 Jun 2001 05:28:41 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f52CSfn65138;
	Sat, 2 Jun 2001 05:28:41 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200106021228.f52CSfn65138@freefall.freebsd.org>
Date: Sat, 2 Jun 2001 05:28:41 -0700 (PDT)
From: jyliu@163.net
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/27835: execve() doesn't conform to execve(2) spec in syscall manual
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 27835
>Category: kern
>Synopsis: execve() doesn't conform to execve(2) spec in syscall manual
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 02 05:30:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Jiangyi Liu
>Release: 4.3-STABLE
>Organization:
>Environment:
FreeBSD fatcow.home 4.3-STABLE FreeBSD 4.3-STABLE #2: Sat Jun 2 19:59:52 CST 2001 jyliu@fatcow.home:/usr/src/sys/compile/FATCOW i386
>Description:
According to execve(2), the argument argv is a pointer to a null-terminated array of character pointers to null-terminated character strings and at least one argument must be presented in the array. But execve("/bin/sh", NULL, NULL) runs without any error. Maybe it's harmless, but it doesn't conform to the syscall spec and it may tempt people to write non-portable code.
>How-To-Repeat:
Run the following code. Notice it runs without the expected error, EINVAL.

#include <stdio.h>
#include <unistd.h>

int main()
{
	/* argv is NULL, so the new program gets no argv[0] at all */
	if (execve("/bin/sh", NULL, NULL) < 0)
		perror("execve");
}
>Fix:
Following is an attempt to fix this problem. The part of ERRORS in execve(2) manual needs to be updated for a new entry, EINVAL.

---begins here---
--- kern_exec.c.orig Sat Jun 2 12:32:29 2001 +++ kern_exec.c Sat Jun 2 19:58:48 2001 
@@ -548,7 +548,13 @@ imgp->argc++; } while ((argp = (caddr_t) (intptr_t) fuword(argv++))); } - } + } + + /* + * at least one argument must be presented in argv + */ + if (!imgp->argc) + return (EINVAL); imgp->endargs = imgp->stringp; ---ends here--- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
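Review bot: The added "if (!imgp->argc) return (EINVAL);" introduces an errno that execve(2) does not list, and the patch carries no hunk for the manual page; the EINVAL entry for the ERRORS section should go in with the same change, as the report itself says is needed. In the same hunk, the "- }" / "+ }" pair appears to differ only in whitespace and should be dropped so the diff shows just the new check. The test would read more clearly as "imgp->argc == 0", since argc is a count rather than a boolean, and the comment should be a full sentence, for example "At least one argument must be present in argv."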
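To check how a given kernel treats an empty argv without replacing the calling process, the probe below runs execve() in a child and reports the resulting errno through a close-on-exec pipe. It is an added example, not part of the original report or the FreeBSD source; probe_execve() is a name chosen here, /bin/sh is assumed to exist, and it goes slightly beyond the report by also testing an argv whose first element is NULL.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run execve(path, argv, NULL) in a child process. Returns 0 if the kernel
 * accepted the exec, the errno it failed with otherwise, or -1 if the probe
 * itself could not run. (Hypothetical helper written for this example.)
 */
int probe_execve(const char *path, char *const argv[])
{
    int fds[2], err = 0, status, devnull;
    ssize_t n;
    pid_t pid;

    if (pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        close(fds[0]);
        /* Close-on-exec: a successful exec closes the pipe with no data. */
        fcntl(fds[1], F_SETFD, FD_CLOEXEC);
        /* Keep an accepted /bin/sh from reading the caller's stdin. */
        if ((devnull = open("/dev/null", O_RDWR)) >= 0)
            dup2(devnull, STDIN_FILENO);
        execve(path, argv, NULL);
        err = errno;            /* reached only if the exec was refused */
        _exit(write(fds[1], &err, sizeof(err)) < 0 ? 126 : 127);
    }
    close(fds[1]);
    n = read(fds[0], &err, sizeof(err));
    close(fds[0]);
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;
    if (n == 0)
        return 0;               /* pipe closed by exec: kernel accepted it */
    return n == (ssize_t)sizeof(err) ? err : -1;
}

int main(void)
{
    char *empty[] = { NULL };   /* constructed input: argv with no entries */
    printf("argv == NULL    -> %d\n", probe_execve("/bin/sh", NULL));
    printf("argv[0] == NULL -> %d\n", probe_execve("/bin/sh", empty));
    return 0;
}
```

A result of 0 means the kernel accepted the exec with no arguments, which is the behaviour the report describes; a kernel carrying the proposed check would report EINVAL instead.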