Date: Fri, 28 Nov 1997 03:40:01 -0800 (PST) From: Bruce Evans <bde@zeta.org.au> To: freebsd-bugs Subject: Re: bin/5172: [2.2.5] /bin/sh dumps core Message-ID: <199711281140.DAA08991@hub.freebsd.org>
The following reply was made to PR bin/5172; it has been noted by GNATS.
From: Bruce Evans <bde@zeta.org.au>
To: FreeBSD-gnats-submit@FreeBSD.ORG, kagotani@in.it.okayama-u.ac.jp
Cc: Subject: Re: bin/5172: [2.2.5] /bin/sh dumps core
Date: Fri, 28 Nov 1997 22:28:39 +1100
>>Fix:
>
>shellexec() in /bin/sh assumes that tryexec() does not change argv[0].
>But execve(2) called in tryexec() changes it.
>(I'm not sure whether this is a spec or a bug of execve(2).)
This is a bug in execve(). It was fixed long ago in -current. There
were related bugs when argv[0] is const. I extracted the diffs for the
original commit but can't test them in 2.2.x.
Bruce
Index: imgact_shell.c
===================================================================
RCS file: /a/ncvs/src/sys/kern/imgact_shell.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -c -2 -r1.14 -r1.15
*** imgact_shell.c 1997/02/22 09:38:57 1.14
--- imgact_shell.c 1997/04/23 22:07:04 1.15
***************
*** 24,28 ****
* SUCH DAMAGE.
*
! * $Id: imgact_shell.c,v 1.14 1997/02/22 09:38:57 peter Exp $
*/
--- 24,28 ----
* SUCH DAMAGE.
*
! * $Id: imgact_shell.c,v 1.15 1997/04/23 22:07:04 ache Exp $
*/
***************
*** 127,132 ****
}
! /* set argv[0] to point to original file name */
! suword(imgp->uap->argv, (int)imgp->uap->fname);
return(0);
--- 127,131 ----
}
! imgp->argv0 = imgp->uap->fname;
return(0);
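Review bot: The new line `imgp->argv0 = imgp->uap->fname;` replaces a commented statement with an uncommented one, so the reason for going through `imgp` rather than writing the caller's argv is no longer recorded at the point where it happens. I would add `/* record the script's file name as the replacement for argv[0]; the caller's argv array is no longer modified */` above the assignment. The enclosing function starts and ends outside the hunk.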
Index: kern_exec.c
===================================================================
RCS file: /a/ncvs/src/sys/kern/kern_exec.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -c -2 -r1.62 -r1.63
*** kern_exec.c 1997/04/18 02:43:05 1.62
--- kern_exec.c 1997/04/23 22:07:05 1.63
***************
*** 24,28 ****
* SUCH DAMAGE.
*
! * $Id: kern_exec.c,v 1.62 1997/04/18 02:43:05 davidg Exp $
*/
--- 24,28 ----
* SUCH DAMAGE.
*
! * $Id: kern_exec.c,v 1.63 1997/04/23 22:07:05 ache Exp $
*/
***************
*** 119,122 ****
--- 119,123 ----
imgp->image_header = NULL;
imgp->argc = imgp->envc = 0;
+ imgp->argv0 = NULL;
imgp->entry_addr = 0;
imgp->vmspace_destroyed = 0;
***************
*** 436,453 ****
if (argv) {
! while ((argp = (caddr_t) fuword(argv++))) {
! if (argp == (caddr_t) -1)
! return (EFAULT);
! if ((error = copyinstr(argp, imgp->stringp,
! imgp->stringspace, &length))) {
! if (error == ENAMETOOLONG)
! return(E2BIG);
! return (error);
! }
! imgp->stringspace -= length;
! imgp->stringp += length;
! imgp->argc++;
}
! }
/*
--- 437,463 ----
if (argv) {
! argp = (caddr_t) fuword(argv);
! if (argp == (caddr_t) -1)
! return (EFAULT);
! if (argp)
! argv++;
! if (imgp->argv0)
! argp = imgp->argv0;
! if (argp) {
! do {
! if (argp == (caddr_t) -1)
! return (EFAULT);
! if ((error = copyinstr(argp, imgp->stringp,
! imgp->stringspace, &length))) {
! if (error == ENAMETOOLONG)
! return(E2BIG);
! return (error);
! }
! imgp->stringspace -= length;
! imgp->stringp += length;
! imgp->argc++;
! } while ((argp = (caddr_t) fuword(argv++)));
}
! }
/*
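Review bot: The `imgp->argv0` substitution sits inside `if (argv)`, so when the caller passes a NULL argv pointer the replacement name is never copied in, and for an interpreted image the interpreter would presumably be started without the script path. Whether a NULL argv can reach this code with `argv0` set is not visible in the hunk, so this needs confirming against the callers. An empty but non-NULL argv is handled, because `argv` is advanced only when the first slot is non-zero. If the NULL case matters, the substitution can be hoisted out of the `if (argv)` block as sketched below, which also leaves a single `-1` check per fetched pointer. The enclosing function begins and ends outside the hunk.

```c
	/* argv0 is a user address set by an image activator; it replaces argv[0] */
	argp = NULL;
	if (argv) {
		argp = (caddr_t) fuword(argv);
		if (argp == (caddr_t) -1)
			return (EFAULT);
		if (argp)
			argv++;
	}
	if (imgp->argv0)
		argp = imgp->argv0;
	while (argp) {
		/* ... unchanged: copyinstr() of argp, stringspace/stringp/argc accounting ... */
		if (argv == NULL)
			break;
		argp = (caddr_t) fuword(argv++);
		if (argp == (caddr_t) -1)
			return (EFAULT);
	}
```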
Index: imgact.h
===================================================================
RCS file: /a/ncvs/src/sys/sys/imgact.h,v
retrieving revision 1.14
retrieving revision 1.15
diff -c -r1.14 -r1.15
*** imgact.h 1997/02/22 09:45:17 1.14
--- imgact.h 1997/04/23 22:02:37 1.15
***************
*** 30,36 ****
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
! * $Id: imgact.h,v 1.14 1997/02/22 09:45:17 peter Exp $
*/
#ifndef _SYS_IMGACT_H_
--- 30,36 ----
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
! * $Id: imgact.h,v 1.15 1997/04/23 22:02:37 ache Exp $
*/
#ifndef _SYS_IMGACT_H_
***************
*** 46,51 ****
--- 46,52 ----
char *stringp; /* current 'end' pointer of tmp strings */
int stringspace; /* space left in tmp string storage area */
int argc, envc; /* count of argument and environment strings */
+ char *argv0; /* Replacement for argv[0] when interpreting */
unsigned long entry_addr; /* entry address of target executable */
char vmspace_destroyed; /* flag - we've blown away original vm space */
char interpreted; /* flag - this executable is interpreted */
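Review bot: The comment on the new `argv0` member does not say which address space the pointer refers to. In this patch it is assigned from `imgp->uap->fname` and read with `copyinstr()`, so it holds a user-space address. A later activator that stored a kernel pointer in it would not be copied in correctly. I would spell that out: `char *argv0; /* user-space address of replacement argv[0] for interpreted images, NULL if none */`. The struct definition starts and ends outside the hunk.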
