Looks like split of execve(2) syscall created bugs
Matthew Dillon
dillon at apollo.backplane.com
Sat Jan 29 12:50:00 PST 2005
:> You'll have to be more specific about case (2). What in the codebase
:> are you referring to, file and line ?
:
:Trunk as of several hours ago, sys/kern/kern_exec.c function
:exec_copyin_args() around line 700. The code there fetches pointer to
:argv[0] from userspace, checks if it's NULL and puts first argument
:instead of it. Then it increases userspace pointer by one and fetches
:the next pointer *unconditionally*, so that in the case when argv[0] is
:NULL you may get some invalid (e.g. junk but non-NULL pointer) and get
:EFAULT for no reason. The same code ignores argv being NULL - see my
:follow-up. FreeBSD code in this case explicitly returns EFAULT.
:
:-Maxim
That looks pretty straightforward. The code has changed very little
from FreeBSD. I'll do the first part of the cleanup but for the moment
I think we should leave the argv[0] NULL check in the common code rather
than just having it in the script code.
-Matt
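The copy-in behaviour Maxim describes, modelled as an added example that is not the DragonFly or FreeBSD kernel code: a simulated user-space fetch that faults on any slot outside the argv array, a flag reproducing the unconditional advance past a NULL argv[0], and the corrected handling beside it. `user_argv`, `fetch_user_ptr` and `copyin_args` are assumed names, and the inputs are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

#define MAXARGS 8

/* Constructed model of user memory: the argv array is readable only at
 * indices 0..len-1; any other fetch faults, like a junk user pointer would. */
struct user_argv { const char *const *base; size_t len; };

/* Stand-in for the kernel's fetch of one pointer from user space. */
static int fetch_user_ptr(const struct user_argv *u, size_t i, const char **out)
{
    if (u->base == NULL || i >= u->len) return EFAULT;
    *out = u->base[i];
    return 0;
}

/* Copies argv pointers in, substituting fname for a NULL argv[0].
 * buggy=true reproduces the thread's description: after the substitution the
 * user pointer is still advanced and the next slot fetched unconditionally.
 * buggy=false stops at the substitution and rejects a NULL argv explicitly
 * (in this model a NULL base faults on the first fetch anyway; the check just
 * makes the contract visible). Returns 0 or an errno value. */
static int copyin_args(const struct user_argv *u, const char *fname,
                       bool buggy, const char *out[MAXARGS], int *argc)
{
    const char *p;
    int err, n = 0;

    if (!buggy && u->base == NULL) return EFAULT;
    if ((err = fetch_user_ptr(u, 0, &p)) != 0) return err;
    if (p == NULL) {
        out[n++] = fname;
        if (!buggy) { *argc = n; return 0; }  /* nothing follows a NULL argv[0] */
    } else {
        out[n++] = p;
    }
    for (size_t i = 1; n < MAXARGS; i++) {
        if ((err = fetch_user_ptr(u, i, &p)) != 0) return err;  /* spurious EFAULT on {NULL} when buggy */
        if (p == NULL) break;
        out[n++] = p;
    }
    *argc = n;
    return 0;
}

/* Constructed inputs: a bare {NULL} argv, and an ordinary two-argument one. */
static const char *const null_only[] = { NULL };
static const struct user_argv ARGV_NULL_ONLY = { null_only, 1 };
static const char *const normal[] = { "ls", "-l", NULL };
static const struct user_argv ARGV_NORMAL = { normal, 3 };
```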