[Issue 385] New: unprotected command line parsing
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Thu Sep 28 11:30:17 PDT 2006
http://d.puremagic.com/issues/show_bug.cgi?id=385
Summary: unprotected command line parsing
Product: D
Version: 0.167
Platform: PC
OS/Version: All
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: DMD
AssignedTo: bugzilla at digitalmars.com
ReportedBy: thomas-dloop at kuehne.cn
DMD-0.167's argument parsing is unprotected against malicious command line
arguments.
Sample exploits:
#
# #include <unistd.h>
# #include <stdlib.h>
#
# // sample 1
# execve("dmd", NULL, NULL);
#
# // sample 2
# char** arg = malloc(sizeof(char*));
# arg[0] = NULL;
# execve("dmd", arg, NULL);
#
mars.c's current code:
#
# int status = EXIT_SUCCESS;
# int argcstart = argc;
#
# // Initialization
# Type::init();
# Id::initialize();
#
Suggested fix:
#
# int status = EXIT_SUCCESS;
# int argcstart = argc;
#
# // protect against malicious arguments
# if (argc < 1 || !argv)
# { usage();
# exit(EXIT_FAILURE);
# }
# for (i = 0; i < argc; i++)
# {
# if (!argv[i])
# { usage();
# exit(EXIT_FAILURE);
# }
# }
#
# // Initialization
# Type::init();
# Id::initialize();
#
--
More information about the Digitalmars-d-bugs
mailing list