Re: Bash 2.05 'unsigned char' cleanup

From: Brian J. Fox
Subject: Re: Bash 2.05 'unsigned char' cleanup
Date: Mon, 07 May 2001 21:20:54 -0700
Date: Mon, 7 May 2001 16:30:13 -0700 (PDT)
From: Paul Eggert <eggert@twinsun.com>
> From: "Brian J. Fox" <bfox@ua.com>
> Date: Mon, 07 May 2001 14:03:00 -0700
>
> I don't see the overrun code. Perhaps you could explain it to me?
Sure. Here's the scenario (all done by code inspection):
shell_execve is invoked on a non-directory file where execve fails
with errno==ENOEXEC because we are running on a losing operating
system where HAVE_HASH_BANG_EXEC is not defined. shell_execve then
reads the first 80 bytes of the file (which are '#', '!', and 78
spaces) into an internal buffer, and invokes execute_shell_script.
execute_shell_script contains the following code:
  /* Find the name of the interpreter to exec. */
  for (i = 2; whitespace (sample[i]) && i < sample_len; i++)
    ;
Ah.
The simplest fix is to add one byte to 'sample' and to initialize it
to zero, which is what my proposed patch does. Once you do this, the
code gets a bit simpler anyway.
Gee, I would think that the simplest fix would be to check the length
first:
  /* Find the name of the interpreter to exec. */
  for (i = 2; (i < sample_len) && whitespace (sample[i]); i++);
then fix the WHITECHAR and STRINGCHAR macros to check for
out-of-bounds *first*, which they should have done anyway:
  # define WHITECHAR(ind) \
      (ind < sample_len && whitespace (sample[ind]) && sample[ind] != '\n')
  # define STRINGCHAR(ind) \
      (ind < sample_len && !whitespace (sample[ind]) && sample[ind] != '\n')
Or not?
Brian
== The Difference Between Cultures: ==
Einigkeit und Recht und Freiheit
Liberte', E'galite', Fraternite'
Sex, drugs and rock'n'roll
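The overrun Paul describes and the bounds-first fix Brian proposes, as an added example in C that is not code from this message or from bash itself: it constructs the "#!" plus 78 spaces sample, instruments the scan so the highest index each loop reads is observable, and builds a small interpreter-line parser on bounds-first WHITECHAR/STRINGCHAR macros. The function names (skip_ws_buggy, skip_ws_fixed, max_index_read_by, parse_hashbang, whitespace_at), the instrumentation and the sample layout are assumptions made for illustration, not bash's internals.

```c
/* Added example (not bash's code): re-creation of the '#!' scan from the
   discussion above.  Function names, the instrumentation and the sample
   layout are assumptions for illustration. */
#include <stddef.h>
#include <string.h>

#define SAMPLE_LEN 80   /* shell_execve reads at most this many bytes */

/* Highest index of sample[] touched by the most recent scan.  bash's
   whitespace() is a plain macro; routing it through a function lets us
   observe exactly which bytes a scan reads. */
static int g_max_index_read = -1;

static int whitespace_at(const char *sample, int ind)
{
    if (ind > g_max_index_read)
        g_max_index_read = ind;
    return sample[ind] == ' ' || sample[ind] == '\t';
}

/* The loop as quoted from execute_shell_script: sample[i] is read before
   i is compared with sample_len, so a sample of "#!" plus 78 spaces makes
   it read sample[80], one byte past the buffer. */
static int skip_ws_buggy(const char *sample, int sample_len)
{
    int i;
    for (i = 2; whitespace_at(sample, i) && i < sample_len; i++)
        ;
    return i;
}

/* Brian's version: test the length first, so index sample_len is never
   read. */
static int skip_ws_fixed(const char *sample, int sample_len)
{
    int i;
    for (i = 2; (i < sample_len) && whitespace_at(sample, i); i++)
        ;
    return i;
}

/* Run one scan over the constructed "#!" + 78 spaces sample and return the
   highest index it read.  One spare byte is allocated after the 80-byte
   sample so the buggy loop's overrun is observable rather than undefined
   behaviour; the scan is still told the sample is only SAMPLE_LEN long. */
int max_index_read_by(int (*scan)(const char *, int))
{
    char buf[SAMPLE_LEN + 1];
    memset(buf, ' ', sizeof buf);
    buf[0] = '#';
    buf[1] = '!';
    g_max_index_read = -1;
    scan(buf, SAMPLE_LEN);
    return g_max_index_read;
}

/* Bounds-first versions of the macros Brian proposes, with the buffer and
   its length passed explicitly so they work outside bash. */
#define WHITECHAR(s, len, ind) \
    ((ind) < (len) && whitespace_at((s), (ind)) && (s)[(ind)] != '\n')
#define STRINGCHAR(s, len, ind) \
    ((ind) < (len) && !whitespace_at((s), (ind)) && (s)[(ind)] != '\n')

static void copy_token(char *dst, size_t dst_sz, const char *src, size_t n)
{
    if (n >= dst_sz)
        n = dst_sz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Extract the interpreter path and its first argument from a sample.
   Returns 1 when an interpreter name was found, 0 when the sample is not
   a "#!" line or names no interpreter within sample_len bytes. */
int parse_hashbang(const char *sample, int sample_len,
                   char *interp, size_t interp_sz,
                   char *arg, size_t arg_sz)
{
    int i, start;

    interp[0] = '\0';
    arg[0] = '\0';
    if (sample_len < 2 || sample[0] != '#' || sample[1] != '!')
        return 0;

    i = skip_ws_fixed(sample, sample_len);
    for (start = i; STRINGCHAR(sample, sample_len, i); i++)
        ;
    if (i == start)
        return 0;       /* only whitespace (or end of sample) after "#!" */
    copy_token(interp, interp_sz, sample + start, (size_t)(i - start));

    for (; WHITECHAR(sample, sample_len, i); i++)
        ;
    for (start = i; STRINGCHAR(sample, sample_len, i); i++)
        ;
    copy_token(arg, arg_sz, sample + start, (size_t)(i - start));
    return 1;
}
```

With the all-space sample, max_index_read_by(skip_ws_buggy) reports index 80, the byte past the end of the 80-byte sample, while skip_ws_fixed never reads beyond index 79; the same ordering of the length test before the dereference is what makes the two macros safe when the interpreter name or its argument runs right up to sample_len.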