From 598d3c5a3daedace93b9fe4d6b5f0e7cf96ccd5e Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Wed, 24 Mar 2021 12:19:45 +0100 Subject: Fix a buf and a portability issue found by Jonathan Frech MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1) Fix read of potententially uninitialised memory when reading hostname This bug could cause the program to enter a loop and eventually die because it cannot allocate memory. 2) Instead of using execvpe(3) (non-standard), set environ and call execvp(3). (This works because asroot does not change PATH.) Signed-off-by: Mattias Andrée --- asroot.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/asroot.c b/asroot.c index 193926d..eefb81c 100644 --- a/asroot.c +++ b/asroot.c @@ -237,11 +237,11 @@ check_password(void) for (;;) { hostname = realloc(hostname, size *= 2); if (!hostname) { - fprintf(stderr, "%s: realloc %zu: %s\n", argv0, size, strerror(errno)); + fprintf(stderr, "%s: realloc1 %zu: %s\n", argv0, size, strerror(errno)); } *hostname = 0; if (!gethostname(hostname, size)) { - if (!hostname[size - 2]) + if (strnlen(hostname, size) < size - 1) break; } else if (errno != ENAMETOOLONG) { fprintf(stderr, "%s: gethostname %zu: %s\n", argv0, size, strerror(errno)); @@ -393,7 +393,9 @@ main(int argc, char *argv[]) exit(EXIT_ERROR); } - execvpe(argv[0], argv, new_environ ? new_environ : environ); + if (new_environ) + environ = new_environ; + execvp(argv[0], argv); fprintf(stderr, "%s: execvpe %s: %s\n", argv0, argv[0], strerror(errno)); return errno == ENOENT ? EXIT_NOENT : EXIT_EXEC; } -- cgit v1.2.3-70-g09d2