aboutsummaryrefslogtreecommitdiff
path: root/posix
diff options
context:
space:
mode:
authorAdhemerval Zanella <adhemerval.zanella@linaro.org>2016-01-29 11:43:40 -0200
committerAdhemerval Zanella <adhemerval.zanella@linaro.com>2016-03-07 00:21:36 -0300
commitf83bb9b8e97656ae0d3e2a31e859363e2d4d5832 (patch)
tree3360c4505fee657945315275c1a23d2347c52c08 /posix
parentfee9eb6200f0e44a4b684903bc47fde36d46f1a5 (diff)
downloadglibc-f83bb9b8e97656ae0d3e2a31e859363e2d4d5832.zip
glibc-f83bb9b8e97656ae0d3e2a31e859363e2d4d5832.tar.gz
glibc-f83bb9b8e97656ae0d3e2a31e859363e2d4d5832.tar.bz2
posix: Remove dynamic memory allocation from execl{e,p}
GLIBC execl{e,p} implementation might use malloc if the total number of arguments exceed initial assumption size (1024). This might lead to issues in two situations: 1. execl/execle is stated to be async-signal-safe by POSIX [1]. However if execl is used in a signal handler with a large argument set (that may call malloc internally) and if the resulting call fails it might lead malloc in the program in a bad state. 2. If the functions are used in a vfork/clone(VFORK) situation it also might issue malloc internal bad state. This patch fixes it by using stack allocation instead. It also fixes BZ#19534. Tested on x86_64. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html [BZ #19534] * posix/execl.c (execl): Remove dynamic memory allocation. * posix/execle.c (execle): Likewise. * posix/execlp.c (execlp): Likewise.
Diffstat (limited to 'posix')
-rw-r--r--posix/execl.c68
-rw-r--r--posix/execle.c70
-rw-r--r--posix/execlp.c66
3 files changed, 79 insertions, 125 deletions
diff --git a/posix/execl.c b/posix/execl.c
index 102d19d..75aa190 100644
--- a/posix/execl.c
+++ b/posix/execl.c
@@ -16,58 +16,42 @@
<http://www.gnu.org/licenses/>. */
#include <unistd.h>
+#include <errno.h>
#include <stdarg.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <stackinfo.h>
-
+#include <sys/param.h>
/* Execute PATH with all arguments after PATH until
a NULL pointer and environment from `environ'. */
int
execl (const char *path, const char *arg, ...)
{
-#define INITIAL_ARGV_MAX 1024
- size_t argv_max = INITIAL_ARGV_MAX;
- const char *initial_argv[INITIAL_ARGV_MAX];
- const char **argv = initial_argv;
- va_list args;
-
- argv[0] = arg;
-
- va_start (args, arg);
- unsigned int i = 0;
- while (argv[i++] != NULL)
+ ptrdiff_t argc;
+ va_list ap;
+ va_start (ap, arg);
+ for (argc = 1; va_arg (ap, const char *); argc++)
{
- if (i == argv_max)
+ if (argc == INT_MAX)
{
- argv_max *= 2;
- const char **nptr = realloc (argv == initial_argv ? NULL : argv,
- argv_max * sizeof (const char *));
- if (nptr == NULL)
- {
- if (argv != initial_argv)
- free (argv);
- va_end (args);
- return -1;
- }
- if (argv == initial_argv)
- /* We have to copy the already filled-in data ourselves. */
- memcpy (nptr, argv, i * sizeof (const char *));
-
- argv = nptr;
+ va_end (ap);
+ errno = E2BIG;
+ return -1;
}
-
- argv[i] = va_arg (args, const char *);
}
- va_end (args);
-
- int ret = __execve (path, (char *const *) argv, __environ);
- if (argv != initial_argv)
- free (argv);
-
- return ret;
+ va_end (ap);
+
+ /* Avoid dynamic memory allocation due two main issues:
+ 1. The function should be async-signal-safe and a running on a signal
+ handler with a fail outcome might lead to malloc bad state.
+ 2. It might be used in a vfork/clone(VFORK) scenario where using
+ malloc also might lead to internal bad state. */
+ ptrdiff_t i;
+ char *argv[argc + 1];
+ va_start (ap, arg);
+ argv[0] = (char *) arg;
+ for (i = 1; i <= argc; i++)
+ argv[i] = va_arg (ap, char *);
+ va_end (ap);
+
+ return __execve (path, argv, __environ);
}
libc_hidden_def (execl)
diff --git a/posix/execle.c b/posix/execle.c
index 8edc03a..50e843e 100644
--- a/posix/execle.c
+++ b/posix/execle.c
@@ -17,57 +17,43 @@
#include <unistd.h>
#include <stdarg.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <stackinfo.h>
+#include <errno.h>
+#include <sys/param.h>
/* Execute PATH with all arguments after PATH until a NULL pointer,
and the argument after that for environment. */
int
execle (const char *path, const char *arg, ...)
{
-#define INITIAL_ARGV_MAX 1024
- size_t argv_max = INITIAL_ARGV_MAX;
- const char *initial_argv[INITIAL_ARGV_MAX];
- const char **argv = initial_argv;
- va_list args;
- argv[0] = arg;
-
- va_start (args, arg);
- unsigned int i = 0;
- while (argv[i++] != NULL)
+ ptrdiff_t argc;
+ va_list ap;
+ va_start (ap, arg);
+ for (argc = 1; va_arg (ap, const char *); argc++)
{
- if (i == argv_max)
+ if (argc == INT_MAX)
{
- argv_max *= 2;
- const char **nptr = realloc (argv == initial_argv ? NULL : argv,
- argv_max * sizeof (const char *));
- if (nptr == NULL)
- {
- if (argv != initial_argv)
- free (argv);
- va_end (args);
- return -1;
- }
- if (argv == initial_argv)
- /* We have to copy the already filled-in data ourselves. */
- memcpy (nptr, argv, i * sizeof (const char *));
-
- argv = nptr;
+ va_end (ap);
+ errno = E2BIG;
+ return -1;
}
-
- argv[i] = va_arg (args, const char *);
}
-
- const char *const *envp = va_arg (args, const char *const *);
- va_end (args);
-
- int ret = __execve (path, (char *const *) argv, (char *const *) envp);
- if (argv != initial_argv)
- free (argv);
-
- return ret;
+ va_end (ap);
+
+ /* Avoid dynamic memory allocation due two main issues:
+ 1. The function should be async-signal-safe and a running on a signal
+ handler with a fail outcome might lead to malloc bad state.
+ 2. It might be used in a vfork/clone(VFORK) scenario where using
+ malloc also might lead to internal bad state. */
+ ptrdiff_t i;
+ char *argv[argc + 1];
+ char **envp;
+ va_start (ap, arg);
+ argv[0] = (char *) arg;
+ for (i = 1; i <= argc; i++)
+ argv[i] = va_arg (ap, char *);
+ envp = va_arg (ap, char **);
+ va_end (ap);
+
+ return __execve (path, argv, envp);
}
libc_hidden_def (execle)
diff --git a/posix/execlp.c b/posix/execlp.c
index 6700994..d292d97 100644
--- a/posix/execlp.c
+++ b/posix/execlp.c
@@ -17,11 +17,8 @@
#include <unistd.h>
#include <stdarg.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <stackinfo.h>
+#include <errno.h>
+#include <sys/param.h>
/* Execute FILE, searching in the `PATH' environment variable if
it contains no slashes, with all arguments after FILE until a
@@ -29,45 +26,32 @@
int
execlp (const char *file, const char *arg, ...)
{
-#define INITIAL_ARGV_MAX 1024
- size_t argv_max = INITIAL_ARGV_MAX;
- const char *initial_argv[INITIAL_ARGV_MAX];
- const char **argv = initial_argv;
- va_list args;
-
- argv[0] = arg;
-
- va_start (args, arg);
- unsigned int i = 0;
- while (argv[i++] != NULL)
+ ptrdiff_t argc;
+ va_list ap;
+ va_start (ap, arg);
+ for (argc = 1; va_arg (ap, const char *); argc++)
{
- if (i == argv_max)
+ if (argc == INT_MAX)
{
- argv_max *= 2;
- const char **nptr = realloc (argv == initial_argv ? NULL : argv,
- argv_max * sizeof (const char *));
- if (nptr == NULL)
- {
- if (argv != initial_argv)
- free (argv);
- va_end (args);
- return -1;
- }
- if (argv == initial_argv)
- /* We have to copy the already filled-in data ourselves. */
- memcpy (nptr, argv, i * sizeof (const char *));
-
- argv = nptr;
+ va_end (ap);
+ errno = E2BIG;
+ return -1;
}
-
- argv[i] = va_arg (args, const char *);
}
- va_end (args);
-
- int ret = execvp (file, (char *const *) argv);
- if (argv != initial_argv)
- free (argv);
-
- return ret;
+ va_end (ap);
+
+ /* Although posix does not state execlp as an async-safe function
+ it can not use malloc to allocate the arguments since it might
+ be used in a vfork scenario and it may lead to malloc internal
+ bad state. */
+ ptrdiff_t i;
+ char *argv[argc + 1];
+ va_start (ap, arg);
+ argv[0] = (char *) arg;
+ for (i = 1; i <= argc; i++)
+ argv[i] = va_arg (ap, char *);
+ va_end (ap);
+
+ return __execvpe (file, argv, __environ);
}
libc_hidden_def (execlp)