File: | src/lib/libc/gen/exec.c |
Warning: | line 278, column 3 2nd function call argument is an uninitialized value |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: exec.c,v 1.24 2021/09/22 20:40:06 deraadt Exp $ */ | |||
2 | /*- | |||
3 | * Copyright (c) 1991, 1993 | |||
4 | * The Regents of the University of California. All rights reserved. | |||
5 | * | |||
6 | * Redistribution and use in source and binary forms, with or without | |||
7 | * modification, are permitted provided that the following conditions | |||
8 | * are met: | |||
9 | * 1. Redistributions of source code must retain the above copyright | |||
10 | * notice, this list of conditions and the following disclaimer. | |||
11 | * 2. Redistributions in binary form must reproduce the above copyright | |||
12 | * notice, this list of conditions and the following disclaimer in the | |||
13 | * documentation and/or other materials provided with the distribution. | |||
14 | * 3. Neither the name of the University nor the names of its contributors | |||
15 | * may be used to endorse or promote products derived from this software | |||
16 | * without specific prior written permission. | |||
17 | * | |||
18 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |||
19 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
20 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
21 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |||
22 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||
23 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||
24 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
25 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||
26 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||
27 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||
28 | * SUCH DAMAGE. | |||
29 | */ | |||
30 | ||||
31 | #include <sys/types.h> | |||
32 | #include <sys/uio.h> | |||
33 | #include <sys/mman.h> | |||
34 | ||||
35 | #include <errno(*__errno()).h> | |||
36 | #include <limits.h> | |||
37 | #include <paths.h> | |||
38 | #include <stdarg.h> | |||
39 | #include <stdio.h> | |||
40 | #include <stdlib.h> | |||
41 | #include <string.h> | |||
42 | #include <unistd.h> | |||
43 | ||||
44 | int | |||
45 | execl(const char *name, const char *arg, ...) | |||
46 | { | |||
47 | va_list ap; | |||
48 | char **argv; | |||
49 | size_t maplen; | |||
50 | int save_errno, n, error; | |||
51 | ||||
52 | va_start(ap, arg)__builtin_va_start(ap, arg); | |||
53 | n = 1; | |||
54 | while (va_arg(ap, char *)__builtin_va_arg(ap, char *) != NULL((void *)0)) | |||
55 | n++; | |||
56 | va_end(ap)__builtin_va_end(ap); | |||
57 | ||||
58 | maplen = (n + 1) * sizeof(*argv); | |||
59 | argv = mmap(NULL((void *)0), maplen, PROT_WRITE0x02|PROT_READ0x01, | |||
60 | MAP_ANON0x1000|MAP_PRIVATE0x0002, -1, 0); | |||
61 | if (argv == MAP_FAILED((void *)-1)) | |||
62 | return (-1); | |||
63 | ||||
64 | va_start(ap, arg)__builtin_va_start(ap, arg); | |||
65 | n = 1; | |||
66 | argv[0] = (char *)arg; | |||
67 | while ((argv[n] = va_arg(ap, char *)__builtin_va_arg(ap, char *)) != NULL((void *)0)) | |||
68 | n++; | |||
69 | va_end(ap)__builtin_va_end(ap); | |||
70 | ||||
71 | error = execve(name, argv, environ); | |||
72 | save_errno = errno(*__errno()); | |||
73 | munmap(argv, maplen); | |||
74 | errno(*__errno()) = save_errno; | |||
75 | return (error); | |||
76 | } | |||
77 | DEF_WEAK(execl)__asm__(".weak " "execl" " ; " "execl" " = " "_libc_execl"); | |||
78 | ||||
79 | int | |||
80 | execle(const char *name, const char *arg, ...) | |||
81 | { | |||
82 | va_list ap; | |||
83 | char **argv, **envp; | |||
84 | size_t maplen; | |||
85 | int save_errno, n, error; | |||
86 | ||||
87 | va_start(ap, arg)__builtin_va_start(ap, arg); | |||
88 | n = 1; | |||
89 | while (va_arg(ap, char *)__builtin_va_arg(ap, char *) != NULL((void *)0)) | |||
90 | n++; | |||
91 | va_end(ap)__builtin_va_end(ap); | |||
92 | ||||
93 | maplen = (n + 1) * sizeof(*argv); | |||
94 | argv = mmap(NULL((void *)0), maplen, PROT_WRITE0x02|PROT_READ0x01, | |||
95 | MAP_ANON0x1000|MAP_PRIVATE0x0002, -1, 0); | |||
96 | if (argv == MAP_FAILED((void *)-1)) | |||
97 | return (-1); | |||
98 | ||||
99 | va_start(ap, arg)__builtin_va_start(ap, arg); | |||
100 | n = 1; | |||
101 | argv[0] = (char *)arg; | |||
102 | while ((argv[n] = va_arg(ap, char *)__builtin_va_arg(ap, char *)) != NULL((void *)0)) | |||
103 | n++; | |||
104 | envp = va_arg(ap, char **)__builtin_va_arg(ap, char **); | |||
105 | va_end(ap)__builtin_va_end(ap); | |||
106 | ||||
107 | error = execve(name, argv, envp); | |||
108 | save_errno = errno(*__errno()); | |||
109 | munmap(argv, maplen); | |||
110 | errno(*__errno()) = save_errno; | |||
111 | return error; | |||
112 | } | |||
113 | ||||
114 | int | |||
115 | execlp(const char *name, const char *arg, ...) | |||
116 | { | |||
117 | va_list ap; | |||
118 | char **argv; | |||
119 | size_t maplen; | |||
120 | int save_errno, n, error; | |||
121 | ||||
122 | va_start(ap, arg)__builtin_va_start(ap, arg); | |||
123 | n = 1; | |||
124 | while (va_arg(ap, char *)__builtin_va_arg(ap, char *) != NULL((void *)0)) | |||
| ||||
125 | n++; | |||
126 | va_end(ap)__builtin_va_end(ap); | |||
127 | ||||
128 | maplen = (n + 1) * sizeof(*argv); | |||
129 | argv = mmap(NULL((void *)0), maplen, PROT_WRITE0x02|PROT_READ0x01, | |||
130 | MAP_ANON0x1000|MAP_PRIVATE0x0002, -1, 0); | |||
131 | if (argv == MAP_FAILED((void *)-1)) | |||
132 | return (-1); | |||
133 | ||||
134 | va_start(ap, arg)__builtin_va_start(ap, arg); | |||
135 | n = 1; | |||
136 | argv[0] = (char *)arg; | |||
137 | while ((argv[n] = va_arg(ap, char *)__builtin_va_arg(ap, char *)) != NULL((void *)0)) | |||
138 | n++; | |||
139 | va_end(ap)__builtin_va_end(ap); | |||
140 | error = execvp(name, argv); | |||
141 | save_errno = errno(*__errno()); | |||
142 | munmap(argv, maplen); | |||
143 | errno(*__errno()) = save_errno; | |||
144 | return error; | |||
145 | } | |||
146 | ||||
147 | int | |||
148 | execv(const char *name, char *const *argv) | |||
149 | { | |||
150 | (void)execve(name, argv, environ); | |||
151 | return (-1); | |||
152 | } | |||
153 | ||||
154 | int | |||
155 | execvpe(const char *name, char *const *argv, char *const *envp) | |||
156 | { | |||
157 | char **memp; | |||
158 | int cnt; | |||
159 | size_t lp, ln, curlen; | |||
160 | char *p; | |||
161 | int eacces = 0; | |||
162 | char *bp, *cur, *path, buf[PATH_MAX1024]; | |||
163 | size_t maplen; | |||
164 | int save_errno, n; | |||
165 | ||||
166 | /* | |||
167 | * Do not allow null name | |||
168 | */ | |||
169 | if (name == NULL((void *)0) || *name == '\0') { | |||
170 | errno(*__errno()) = ENOENT2; | |||
171 | return (-1); | |||
172 | } | |||
173 | ||||
174 | /* If it's an absolute or relative path name, it's easy. */ | |||
175 | if (strchr(name, '/')) { | |||
176 | bp = (char *)name; | |||
177 | cur = path = NULL((void *)0); | |||
178 | goto retry; | |||
179 | } | |||
180 | bp = buf; | |||
181 | ||||
182 | /* Get the path we're searching. */ | |||
183 | if (!(path = getenv("PATH"))) | |||
184 | path = _PATH_DEFPATH"/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"; | |||
185 | ||||
186 | curlen = strlen(path) + 1; | |||
187 | cur = mmap(NULL((void *)0), curlen, PROT_WRITE0x02|PROT_READ0x01, | |||
188 | MAP_ANON0x1000|MAP_PRIVATE0x0002, -1, 0); | |||
189 | if (cur == MAP_FAILED((void *)-1)) | |||
190 | return (-1); | |||
191 | ||||
192 | strlcpy(cur, path, curlen); | |||
193 | path = cur; | |||
194 | while ((p = strsep(&cur, ":"))) { | |||
195 | /* | |||
196 | * It's a SHELL path -- double, leading and trailing colons | |||
197 | * mean the current directory. | |||
198 | */ | |||
199 | if (!*p) { | |||
200 | p = "."; | |||
201 | lp = 1; | |||
202 | } else | |||
203 | lp = strlen(p); | |||
204 | ln = strlen(name); | |||
205 | ||||
206 | /* | |||
207 | * If the path is too long complain. This is a possible | |||
208 | * security issue; given a way to make the path too long | |||
209 | * the user may execute the wrong program. | |||
210 | */ | |||
211 | if (lp + ln + 2 > sizeof(buf)) { | |||
212 | struct iovec iov[3]; | |||
213 | ||||
214 | iov[0].iov_base = "execvp: "; | |||
215 | iov[0].iov_len = 8; | |||
216 | iov[1].iov_base = p; | |||
217 | iov[1].iov_len = lp; | |||
218 | iov[2].iov_base = ": path too long\n"; | |||
219 | iov[2].iov_len = 16; | |||
220 | (void)writev(STDERR_FILENO2, iov, 3); | |||
221 | continue; | |||
222 | } | |||
223 | bcopy(p, buf, lp); | |||
224 | buf[lp] = '/'; | |||
225 | bcopy(name, buf + lp + 1, ln); | |||
226 | buf[lp + ln + 1] = '\0'; | |||
227 | ||||
228 | retry: (void)execve(bp, argv, envp); | |||
229 | switch(errno(*__errno())) { | |||
230 | case E2BIG7: | |||
231 | goto done; | |||
232 | case EISDIR21: | |||
233 | case ELOOP62: | |||
234 | case ENAMETOOLONG63: | |||
235 | case ENOENT2: | |||
236 | break; | |||
237 | case ENOEXEC8: | |||
238 | for (cnt = 0; argv[cnt]; ++cnt) | |||
239 | ; | |||
240 | ||||
241 | maplen = (cnt + 2) * sizeof(char *); | |||
242 | memp = mmap(NULL((void *)0), maplen, PROT_WRITE0x02|PROT_READ0x01, | |||
243 | MAP_ANON0x1000|MAP_PRIVATE0x0002, -1, 0); | |||
244 | if (memp == MAP_FAILED((void *)-1)) | |||
245 | goto done; | |||
246 | ||||
247 | memp[0] = "sh"; | |||
248 | memp[1] = bp; | |||
249 | bcopy(argv + 1, memp + 2, cnt * sizeof(char *)); | |||
250 | (void)execve(_PATH_BSHELL"/bin/sh", memp, envp); | |||
251 | save_errno = errno(*__errno()); | |||
252 | munmap(memp, maplen); | |||
253 | errno(*__errno()) = save_errno; | |||
254 | goto done; | |||
255 | case ENOMEM12: | |||
256 | goto done; | |||
257 | case ENOTDIR20: | |||
258 | break; | |||
259 | case ETXTBSY26: | |||
260 | /* | |||
261 | * We used to retry here, but sh(1) doesn't. | |||
262 | */ | |||
263 | goto done; | |||
264 | case EACCES13: | |||
265 | eacces = 1; | |||
266 | break; | |||
267 | default: | |||
268 | goto done; | |||
269 | } | |||
270 | } | |||
271 | if (eacces
| |||
272 | errno(*__errno()) = EACCES13; | |||
273 | else if (!errno(*__errno())) | |||
274 | errno(*__errno()) = ENOENT2; | |||
275 | done: | |||
276 | if (cur) { | |||
277 | save_errno = errno(*__errno()); | |||
278 | munmap(cur, curlen); | |||
| ||||
279 | errno(*__errno()) = save_errno; | |||
280 | } | |||
281 | return (-1); | |||
282 | } | |||
283 | DEF_WEAK(execvpe)__asm__(".weak " "execvpe" " ; " "execvpe" " = " "_libc_execvpe" ); | |||
284 | ||||
285 | int | |||
286 | execvp(const char *name, char *const *argv) | |||
287 | { | |||
288 | return execvpe(name, argv, environ); | |||
289 | } | |||
290 | DEF_WEAK(execvp)__asm__(".weak " "execvp" " ; " "execvp" " = " "_libc_execvp" ); | |||
291 |