isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Redo setting of user_args. We now build up a private copy of argv

Browse Source 
first and then replace the NULs with spaces.
This commit is contained in:
Todd C. Miller
2007-06-24 13:25:01 +00:00
parent a83e28b250
commit 9f49d28eaf
1 changed files with 40 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
mon_systrace.c
View File

@@ -555,7 +555,7 @@ systrace_write(fd, pid, addr, buf, len)
io.strio_offs = addr; io.strio_offs = addr;
io.strio_op = SYSTR_WRITE; io.strio_op = SYSTR_WRITE;
if ((rval = ioctl(fd, STRIOCIO, &io)) != 0) if ((rval = ioctl(fd, STRIOCIO, &io)) != 0)
warning("systrace_read: STRIOCIO"); warning("systrace_write: STRIOCIO");
return(rval ? -1 : (ssize_t)io.strio_len); return(rval ? -1 : (ssize_t)io.strio_len);
} }
@@ -773,9 +773,15 @@ decode_args(fd, pid, askp)
struct str_msg_ask *askp; struct str_msg_ask *askp;
{ {
ssize_t len; ssize_t len;
char *off, *ap, *cp, *ep; int i, argc, argc_max;
char *off, *ap, *cp, *ep, **argv;
static char pbuf[PATH_MAX], abuf[ARG_MAX]; static char pbuf[PATH_MAX], abuf[ARG_MAX];
/*
* Fill in user_cmnd and user_base from the 1st arg to execve().
* Note that this is the path the kernel will execute, which
* may be different from argv[0].
*/
memset(pbuf, 0, sizeof(pbuf)); memset(pbuf, 0, sizeof(pbuf));
if (read_string(fd, pid, (void *)askp->args[0], pbuf, sizeof(pbuf)) == -1) if (read_string(fd, pid, (void *)askp->args[0], pbuf, sizeof(pbuf)) == -1)
return(-1); return(-1);
@@ -785,29 +791,49 @@ decode_args(fd, pid, askp)
user_base = user_cmnd; user_base = user_cmnd;
user_args = NULL; user_args = NULL;
/* XXX - write exec path back to stack gap */
/* /*
* Loop through argv, collapsing it into a single string and reading * Make a local copy of argv, looping until we hit the
* until we hit the terminating NULL. We skip argv[0]. * terminating NULL pointer.
*/ */
argc = 0;
argc_max = 16;
argv = emalloc2(argc_max, sizeof(char *));
memset(abuf, 0, sizeof(abuf)); memset(abuf, 0, sizeof(abuf));
off = (char *)askp->args[1]; off = (char *)askp->args[1];
for (cp = abuf, ep = abuf + sizeof(abuf); cp < ep; off += sizeof(char *)) { for (cp = abuf, ep = abuf + sizeof(abuf); cp < ep; off += sizeof(char *)) {
if (systrace_read(fd, pid, off, &ap, sizeof(ap)) == -1) if (systrace_read(fd, pid, off, &ap, sizeof(ap)) == -1)
return(-1); return(-1);
if (ap == NULL) { if (ap == NULL)
if (cp != abuf) { break; /* end of args */
cp[-1] = '\0'; /* replace final space with a NUL */ if (argc + 1 >= argc_max) {
user_args = abuf; argc_max *= 2;
} argv = erealloc3(argv, argc_max, sizeof(char *));
break;
} }
if (off == (char *)askp->args[1])
continue; /* skip argv[0] */
if ((len = read_string(fd, pid, ap, cp, ep - cp)) == -1) if ((len = read_string(fd, pid, ap, cp, ep - cp)) == -1)
return(-1); return(-1);
argv[argc++] = cp;
cp += len; cp += len;
*cp++ = ' '; /* replace NUL with a space */
} }
ep = cp;
argv[argc] = NULL;
/* XXX - now write argv back into stack gap. */
/*
* Collapse argv into user_args, skipping argv[0].
* Since argv strings are contiguous (in abuf) we can
* just replace the previous char in each string with a
* space.
*/
if (argc > 1) {
user_args = argv[1];
for (i = 2; i < argc; i++)
argv[i][-1] = ' '; /* replace NUL with a space */
}
efree(argv);
return(0); return(0);
} }
@@ -860,7 +886,7 @@ check_execv(fd, pid, seqnr, askp, policyp, errorp)
return(0); return(0);
} }
/* Get processes's cwd. */ /* Get process cwd. */
rval = ioctl(fd, STRIOCGETCWD, &pid); rval = ioctl(fd, STRIOCGETCWD, &pid);
if (rval == -1 || getcwd(user_cwd, sizeof(user_cwd)) == NULL) { if (rval == -1 || getcwd(user_cwd, sizeof(user_cwd)) == NULL) {
if (rval == -1 && errno == EBUSY) if (rval == -1 && errno == EBUSY)