[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #48919] exec server can attempt null pointer dereference
|
From: |
Brent Baccala |
|
Subject: |
[bug #48919] exec server can attempt null pointer dereference |
|
Date: |
Sat, 27 Aug 2016 05:09:23 +0000 (UTC) |
|
User-agent: |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0 |
URL:
<http://savannah.gnu.org/bugs/?48919>
Summary: exec server can attempt null pointer dereference
Project: The GNU Hurd
Submitted by: baccala
Submitted on: Sat 27 Aug 2016 05:09:21 AM GMT
Category: Hurd Servers
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Reproducibility: Every Time
Size (loc): None
Planned Release: None
Effort: 0.00
Wiki-like text discussion box:
_______________________________________________________
Details:
The exec server can be made to dereference a NULL pointer when exec'ing a
shell script
Reproducing this bug requires a fresh instantiation of the exec server, and
since ext2fs caches its port to the exec server, that means a fresh
instantiation of ext2fs, too.
touch exec ramdisk mnt
settrans --active ramdisk /hurd/storeio -T copy zero:32M
mkfs.ext2 -F -b 4096 ramdisk
settrans --active exec /hurd/exec
remap /servers/exec $PWD/exec
...now in the remap shell...
settrans --active mnt /hurd/ext2fs ramdisk
cp /bin/which mnt
./mnt/which
The problem is around lines 108-126 of hashexec.c. If exec_setexecdata is
never called, then this code is reached with std_ports NULL.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?48919>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [bug #48919] exec server can attempt null pointer dereference,
Brent Baccala <=