diff options
| author |   Nicholas Jones <carpaski@gentoo.org> | 2004-04-12 00:27:51 +0000 |
|---|---|---|
| committer | Nicholas Jones <carpaski@gentoo.org> | 2004-04-12 00:27:51 +0000 |
| commit | ad60c51277504ebd7e77191761b77dd820b5ea26 (patch) | |
| tree | 2524db8f4c36a27c420055eed48467d2d626e801 /src | |
| parent | Fixed infinity loop in etc-update(#19144). Fixed glob problem in ebuild.sh(#3... (diff) | |
| download | portage-cvs-ad60c51277504ebd7e77191761b77dd820b5ea26.tar.gz portage-cvs-ad60c51277504ebd7e77191761b77dd820b5ea26.tar.bz2 portage-cvs-ad60c51277504ebd7e77191761b77dd820b5ea26.zip | |
free() fix for env in execve call -- jstubbs
Diffstat (limited to 'src')
| -rw-r--r-- | src/sandbox-1.1/ChangeLog | 8 | ||||
| -rw-r--r-- | src/sandbox-1.1/libsandbox.c | 6 |
2 files changed, 10 insertions, 4 deletions
diff --git a/src/sandbox-1.1/ChangeLog b/src/sandbox-1.1/ChangeLog index dc1c541..6f64b35 100644 --- a/src/sandbox-1.1/ChangeLog +++ b/src/sandbox-1.1/ChangeLog @@ -1,12 +1,16 @@ # ChangeLog for Path Sandbox # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.34 2004/04/11 10:18:05 carpaski Exp $ +# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.35 2004/04/12 00:27:51 carpaski Exp $ 04 Apr 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c, sandbox.c: + Another fix from jstubbs regarding a free() on a stack variable for the + environment -- tracking now prevents extraneous free()'s segfault. + + 04 Apr 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c, sandbox.c: J. Stubbs tracked down a new bug where mkdir was failing to the patch on the lstat in mkdir... it now only returns 0 or -1 as documented for mkdir. Also remove the errno = ESUCCESS settings as documentation points out that - a library isn't allowed to do that. + a library isn't allowed to do that. 04 Apr 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c: Added a file_security_check() function to check random potential exploits on files diff --git a/src/sandbox-1.1/libsandbox.c b/src/sandbox-1.1/libsandbox.c index 026fc1b..6cfa0ae 100644 --- a/src/sandbox-1.1/libsandbox.c +++ b/src/sandbox-1.1/libsandbox.c @@ -25,7 +25,7 @@ * as some of the InstallWatch code was used. * * - * $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/libsandbox.c,v 1.17 2004/04/11 10:18:05 carpaski Exp $ + * $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/libsandbox.c,v 1.18 2004/04/12 00:27:51 carpaski Exp $ * */ @@ -738,6 +738,7 @@ execve(const char *filename, char *const argv[], char *const envp[]) int env_len = 0; char canonic[SB_PATH_MAX]; char **my_env = NULL; + int kill_env = 1; /* We limit the size LD_PRELOAD can be here, but it should be enough */ char tmp_str[4096]; @@ -749,6 +750,7 @@ execve(const char *filename, char *const argv[], char *const envp[]) if (strstr(envp[count], "LD_PRELOAD=") == envp[count]) { if (NULL != strstr(envp[count], sandbox_lib)) { my_env = (char **) envp; + kill_env = 0; break; } else { int i = 0; @@ -808,7 +810,7 @@ execve(const char *filename, char *const argv[], char *const envp[]) result = true_execve(filename, argv, my_env); old_errno = errno; - if (my_env) { + if (my_env && kill_env) { free(my_env); my_env = NULL; } |