JehanneOS/mksh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

• Address concerns of Chris Palmer from the Android security team

Browse Source 
– possible integer overflows in memory allocation, mostly
    ‣ multiplication: all are checked now
    ‣ addition: reviewed them, most were “proven” or guessed to be
      “almost” impossible to run over (e.g. when we have a string
      whose length is taken it is assumed that the length will be
      more than only a few bytes below SIZE_MAX, since code and
      stack have to fit); some are checked now (e.g. when one of
      the summands is an off_t); most of the unchecked ones are
      annotated now
    ⇒ cost (MirBSD/i386 static): +76 .text
    ⇒ cost (Debian sid/i386): +779 .text  -4 .data
  – on Linux targets, setuid() setresuid() setresgid() can fail
    with EAGAIN; check for that and, if so, warn once and retry
    infinitely (other targets to be added later once we know that
    they are “insane”)
    ⇒ cost (Debian sid/i386): +192 .text (includes .rodata)
• setmode.c: Do overflow checking for realloc() too; switch back
  from calloc() to a checked malloc() for simplification while there
• define -DIN_MKSH and let setmode.c look a tad nicer while here
This commit is contained in:
tg
2010-09-14 21:26:19 +00:00
parent 08862021ee
commit 667d792d6a
18 changed files with 204 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
syn.c
View File

@@ -22,7 +22,7 @@
#include "sh.h"
__RCSID("$MirOS: src/bin/mksh/syn.c,v 1.51 2010/08/28 20:22:23 tg Exp $");
__RCSID("$MirOS: src/bin/mksh/syn.c,v 1.52 2010/09/14 21:26:18 tg Exp $");
struct nesting_state {
int start_token; /* token than began nesting (eg, FOR) */
@@ -231,7 +231,8 @@ get_command(int cf)
XPtrV args, vars;
struct nesting_state old_nesting;
iops = alloc((NUFILE + 1) * sizeof(struct ioword *), ATEMP);
/* NUFILE is small enough to leave this addition unchecked */
iops = alloc2((NUFILE + 1), sizeof(struct ioword *), ATEMP);
XPinit(args, 16);
XPinit(vars, 16);
@@ -476,7 +477,7 @@ get_command(int cf)
t->ioact = NULL;
} else {
iops[iopn++] = NULL;
iops = aresize(iops, iopn * sizeof(struct ioword *), ATEMP);
iops = aresize2(iops, iopn, sizeof(struct ioword *), ATEMP);
t->ioact = iops;
}
@@ -656,12 +657,13 @@ function_body(char *name,
if ((t->left = get_command(CONTIN)) == NULL) {
char *tv;
/*
* Probably something like foo() followed by eof or ;.
* Probably something like foo() followed by EOF or ';'.
* This is accepted by sh and ksh88.
* To make "typeset -f foo" work reliably (so its output can
* be used as input), we pretend there is a colon here.
*/
t->left = newtp(TCOM);
/* (2 * sizeof(char *)) is small enough */
t->left->args = alloc(2 * sizeof(char *), ATEMP);
t->left->args[0] = tv = alloc(3, ATEMP);
tv[0] = CHAR;