From b4305f8d9124d6e69fbabef2056600a3242681d0 Mon Sep 17 00:00:00 2001
From: Maxim Sobolev
Date: Fri, 25 Feb 2005 08:42:04 +0000
Subject: [PATCH] Try harder to not exceed MAXSHELLCMDLEN when parsing first line of shell script. Otherwise it's possible to panic kernel by constructing a shell script with first line not ending in '\n'. Also, treat '\0' as line terminating character, which may me useful in some situations.
Submitted by: gad
---
 sys/kern/imgact_shell.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/sys/kern/imgact_shell.c b/sys/kern/imgact_shell.c
index 42a93936154..9604f415b1e 100644
--- a/sys/kern/imgact_shell.c
+++ b/sys/kern/imgact_shell.c
@@ -75,18 +75,19 @@ exec_shell_imgact(imgp)
 offset = 0;
 while (ihp < &image_header[MAXSHELLCMDLEN]) {
 /* Skip any whitespace */
- while ((*ihp == ' ') || (*ihp == '\t')) {
+ if ((*ihp == ' ') || (*ihp == '\t')) {
 ihp++;
 continue;
 }
 /* End of line? */
- if ((*ihp == '\n') || (*ihp == '#'))
+ if ((*ihp == '\n') || (*ihp == '#') || (*ihp == '\0'))
 break;
 /* Found a token */
 while ((*ihp != ' ') && (*ihp != '\t') && (*ihp != '\n') &&
- (*ihp != '#')) {
+ (*ihp != '#') && (*ihp != '\0') &&
+ (ihp < &image_header[MAXSHELLCMDLEN])) {
 offset++;
 ihp++;
 }
@@ -140,18 +141,19 @@ exec_shell_imgact(imgp)
 offset = 0;
 while (ihp < &image_header[MAXSHELLCMDLEN]) {
 /* Skip whitespace */
- while ((*ihp == ' ' || *ihp == '\t')) {
+ if ((*ihp == ' ') || (*ihp == '\t')) {
 ihp++;
 continue;
 }
 /* End of line? */
- if ((*ihp == '\n') || (*ihp == '#'))
+ if ((*ihp == '\n') || (*ihp == '#') || (*ihp == '\0'))
 break;
 /* Found a token, copy it */
- while ((*ihp != ' ') && (*ihp != '\t') &&
- (*ihp != '\n') && (*ihp != '#')) {
+ while ((*ihp != ' ') && (*ihp != '\t') && (*ihp != '\n') &&
+ (*ihp != '#') && (*ihp != '\0') &&
+ (ihp < &image_header[MAXSHELLCMDLEN])) {
 imgp->args->begin_argv[offset++] = *ihp++;
 }
 imgp->args->begin_argv[offset++] = '\0';
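Review bot: The new bound `(ihp < &image_header[MAXSHELLCMDLEN])` is the last operand of the token loop's `&&` chain, so `*ihp` is dereferenced before the limit is tested; when a token runs right up to the limit, the loop still reads the byte at `image_header[MAXSHELLCMDLEN]` before it stops. Put the range test first so short-circuit evaluation guards every dereference: `while ((ihp < &image_header[MAXSHELLCMDLEN]) && (*ihp != ' ') && (*ihp != '\t') && (*ihp != '\n') && (*ihp != '#') && (*ihp != '\0')) {`. The copy loop in the second hunk (`@@ -140,18 +141,19 @@`) has the same operand order and needs the same change. Whether that extra byte is still inside the mapped header depends on how `image_header` is sized, which is not visible here; the start and end of exec_shell_imgact are also outside both hunks.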
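Review bot: The copy loop in this hunk has to stop on exactly the same characters as the counting loop in the first hunk, yet the six-operand terminator test is now written out separately in each pass. If the two ever drift apart, the bytes stored through `imgp->args->begin_argv[offset++]` would presumably no longer match the length the first pass measured; the check of that length against the argument buffer lies outside the diff, so this is inferred rather than shown. A comment above each loop such as `/* Must tokenize identically to the other pass: same terminators, same MAXSHELLCMDLEN bound */`, or a single shared macro for the terminator test, would make the coupling explicit for the next person who edits one of them.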