Date: Sun, 3 Feb 2002 02:01:49 -0800 (PST) From: Akinori MUSHA <knu@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/bin/test test.c Message-ID: <200202031001.g13A1nr72223@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
knu 2002/02/03 02:01:49 PST
Modified files:
bin/test test.c
Log:
Work around a buffer overflow problem on argv that has been exposed
after making test(1) a sh(1) builtin; sh(1) coredumps when you run
something like this:
sh -c 'test ! `true 1`'
The cause is that the test(1) code totally depends on the presence of
two extra cells at the end of argv that are filled with NULL's. The
reason why the bug hasn't been exposed would be because the C startup
code kindly prepares argv with some extra zeroed cells for a program.
I know this is not the best fix, but since there are argv++'s without
boundary checks everywhere, I'd rather patch it up like this
(preparing a copy of argv with extra NULL's) for the moment.
MFC after: 3 days
Revision Changes Path
1.40 +16 -6 src/bin/test/test.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202031001.g13A1nr72223>