URL: <http://savannah.gnu.org/bugs/?48919>
Summary: exec server can attempt null pointer dereference
Project: The GNU Hurd
Submitted by: baccala
Submitted on: Sat 27 Aug 2016 05:09:21 AM GMT
Category: Hurd Servers
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Reproducibility: Every Time
Size (loc): None
Planned Release: None
Effort: 0.00
Wiki-like text discussion box:

_______________________________________________________

Details:

The exec server can be made to dereference a NULL pointer when exec'ing a shell script.

Reproducing this bug requires a fresh instantiation of the exec server, and since ext2fs caches its port to the exec server, that means a fresh instantiation of ext2fs, too.

touch exec ramdisk mnt
settrans --active ramdisk /hurd/storeio -T copy zero:32M
mkfs.ext2 -F -b 4096 ramdisk
settrans --active exec /hurd/exec
remap /servers/exec $PWD/exec

...now in the remap shell...

settrans --active mnt /hurd/ext2fs ramdisk
cp /bin/which mnt
./mnt/which

The problem is around lines 108-126 of hashexec.c. If exec_setexecdata is never called, then this code is reached with std_ports NULL.

_______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?48919>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
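
The failure mode described in the report above, as a simplified C model added here (not code from hashexec.c or the Hurd): a global std_ports array stays NULL until a setter standing in for exec_setexecdata runs, and is read once without a guard and once with one. Every name except std_ports, along with the port type, the error code and the client-ports-first fallback, is an assumption made for the example.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified model, not Hurd source. Only the name std_ports and the role of
   exec_setexecdata come from the report; all other names are hypothetical. */
typedef unsigned int port_t;
#define PORT_NULL 0u

static port_t *std_ports = NULL; /* NULL until set_exec_data() has run */
static size_t std_nports = 0;

/* Stand-in for the exec_setexecdata RPC: installs the server-wide defaults. */
void set_exec_data(port_t *ports, size_t nports)
{
    std_ports = ports;
    std_nports = nports;
}

/* Unguarded pattern: dereferences NULL if the defaults were never installed. */
port_t default_port_unchecked(size_t idx)
{
    return std_ports[idx];
}

/* Guarded pattern: missing defaults become an ordinary error return. */
int default_port_checked(size_t idx, port_t *out)
{
    if (std_ports == NULL || idx >= std_nports || std_ports[idx] == PORT_NULL)
        return ENOENT; /* error code chosen for the example */
    *out = std_ports[idx];
    return 0;
}

/* Assumed caller shape: ports passed by the client take precedence and the
   defaults are only a fallback, so the fallback is where the guard matters. */
int resolve_port(const port_t *client, size_t nclient, size_t idx, port_t *out)
{
    if (client != NULL && idx < nclient && client[idx] != PORT_NULL) {
        *out = client[idx];
        return 0;
    }
    return default_port_checked(idx, out);
}

int main(void)
{
    port_t out = PORT_NULL;
    /* Fresh server, no defaults yet: expect a clean error, exit status 0. */
    return resolve_port(NULL, 0, 1, &out) == ENOENT ? 0 : 1;
}
```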