Fix a segfault in lash, hush, and cmdedit. Each of these used

xgetcwd, but did not check the return for a NULL, and then continued to call strlen on the NULL when the cwd had been removed from under it. -Erik
2001-05-11 16:58:46 +00:00 · 2001-05-11 16:58:46 +00:00 · 5f265b755a
commit 5f265b755a
parent 9d94deabd3
10 changed files with 40 additions and 5 deletions
--- a/2
+++ b/2
@ -259,7 +259,7 @@ endif
 LIBBB_MSRC=libbb/messages.c
 LIBBB_MESSAGES= full_version name_too_long omitting_directory not_a_directory \
 memory_exhausted invalid_date invalid_option io_error dash_dash_help \
-write_error too_few_args name_longer_than_foo
+write_error too_few_args name_longer_than_foo unknown
 LIBBB_MOBJ=$(patsubst %,$(LIBBB)/%.o, $(LIBBB_MESSAGES))


--- a/cmdedit.c
+++ b/cmdedit.c
@ -355,6 +355,10 @@ static void parse_prompt(const char *prmt_ptr)
 	char  c;
 	char *pbuf;

+	if (!pwd_buf) {
+		pwd_buf=unknown;
+	}
+
 	while (*prmt_ptr) {
 		pbuf    = buf;
 		pbuf[1] = 0;
--- a/hush.c
+++ b/hush.c
@ -429,6 +429,8 @@ static int builtin_cd(struct child_prog *child)
 		return EXIT_FAILURE;
 	}
 	cwd = xgetcwd(cwd);
+	if (!cwd)
+		cwd = unknown;
 	return EXIT_SUCCESS;
 }

@ -568,6 +570,8 @@ static int builtin_jobs(struct child_prog *child)
 static int builtin_pwd(struct child_prog *dummy)
 {
 	cwd = xgetcwd(cwd);
+	if (!cwd)
+		cwd = unknown;
 	puts(cwd);
 	return EXIT_SUCCESS;
 }
@ -2307,6 +2311,8 @@ int shell_main(int argc, char **argv)
 	
 	/* initialize the cwd -- this is never freed...*/
 	cwd = xgetcwd(0);
+	if (!cwd)
+		cwd = unknown;
 #ifdef BB_FEATURE_COMMAND_EDITING
 	cmdedit_set_initial_prompt();
 #else
--- a/include/libbb.h
+++ b/include/libbb.h
@ -282,5 +282,6 @@ extern const char * const dash_dash_help;
 extern const char * const write_error;
 extern const char * const too_few_args;
 extern const char * const name_longer_than_foo;
+extern const char * const unknown;

 #endif /* __LIBBB_H__ */
--- a/lash.c
+++ b/lash.c
@ -297,7 +297,8 @@ static int builtin_cd(struct child_prog *child)
 		return EXIT_FAILURE;
 	}
 	cwd = xgetcwd(cwd);
-
+	if (!cwd)
+		cwd = unknown;
 	return EXIT_SUCCESS;
 }

@ -412,6 +413,9 @@ static int builtin_jobs(struct child_prog *child)
 /* built-in 'pwd' handler */
 static int builtin_pwd(struct child_prog *dummy)
 {
+	cwd = xgetcwd(cwd);
+	if (!cwd)
+		cwd = unknown;
 	printf( "%s\n", cwd);
 	return EXIT_SUCCESS;
 }
@ -1827,7 +1831,6 @@ void free_memory(void)
 {
 	if (cwd) {
 		free(cwd);
-		cwd = NULL;
 	}
 	if (local_pending_command)
 		free(local_pending_command);
@ -1919,6 +1922,8 @@ int shell_main(int argc_l, char **argv_l)

 	/* initialize the cwd -- this is never freed...*/
 	cwd = xgetcwd(0);
+	if (!cwd)
+		cwd = unknown;

 #ifdef BB_FEATURE_CLEAN_UP
 	atexit(free_memory);
--- a/libbb/libbb.h
+++ b/libbb/libbb.h
@ -282,5 +282,6 @@ extern const char * const dash_dash_help;
 extern const char * const write_error;
 extern const char * const too_few_args;
 extern const char * const name_longer_than_foo;
+extern const char * const unknown;

 #endif /* __LIBBB_H__ */
--- a/libbb/messages.c
+++ b/libbb/messages.c
@ -58,4 +58,7 @@
 #ifdef L_name_longer_than_foo
 	const char * const name_longer_than_foo = "Names longer than %d chars not supported.";
 #endif
+#ifdef L_unknown
+	const char * const unknown = "(unknown)";
+#endif

--- a/shell/cmdedit.c
+++ b/shell/cmdedit.c
@ -355,6 +355,10 @@ static void parse_prompt(const char *prmt_ptr)
 	char  c;
 	char *pbuf;

+	if (!pwd_buf) {
+		pwd_buf=unknown;
+	}
+
 	while (*prmt_ptr) {
 		pbuf    = buf;
 		pbuf[1] = 0;
--- a/shell/hush.c
+++ b/shell/hush.c
@ -429,6 +429,8 @@ static int builtin_cd(struct child_prog *child)
 		return EXIT_FAILURE;
 	}
 	cwd = xgetcwd(cwd);
+	if (!cwd)
+		cwd = unknown;
 	return EXIT_SUCCESS;
 }

@ -568,6 +570,8 @@ static int builtin_jobs(struct child_prog *child)
 static int builtin_pwd(struct child_prog *dummy)
 {
 	cwd = xgetcwd(cwd);
+	if (!cwd)
+		cwd = unknown;
 	puts(cwd);
 	return EXIT_SUCCESS;
 }
@ -2307,6 +2311,8 @@ int shell_main(int argc, char **argv)
 	
 	/* initialize the cwd -- this is never freed...*/
 	cwd = xgetcwd(0);
+	if (!cwd)
+		cwd = unknown;
 #ifdef BB_FEATURE_COMMAND_EDITING
 	cmdedit_set_initial_prompt();
 #else
--- a/shell/lash.c
+++ b/shell/lash.c
@ -297,7 +297,8 @@ static int builtin_cd(struct child_prog *child)
 		return EXIT_FAILURE;
 	}
 	cwd = xgetcwd(cwd);
-
+	if (!cwd)
+		cwd = unknown;
 	return EXIT_SUCCESS;
 }

@ -412,6 +413,9 @@ static int builtin_jobs(struct child_prog *child)
 /* built-in 'pwd' handler */
 static int builtin_pwd(struct child_prog *dummy)
 {
+	cwd = xgetcwd(cwd);
+	if (!cwd)
+		cwd = unknown;
 	printf( "%s\n", cwd);
 	return EXIT_SUCCESS;
 }
@ -1827,7 +1831,6 @@ void free_memory(void)
 {
 	if (cwd) {
 		free(cwd);
-		cwd = NULL;
 	}
 	if (local_pending_command)
 		free(local_pending_command);
@ -1919,6 +1922,8 @@ int shell_main(int argc_l, char **argv_l)

 	/* initialize the cwd -- this is never freed...*/
 	cwd = xgetcwd(0);
+	if (!cwd)
+		cwd = unknown;

 #ifdef BB_FEATURE_CLEAN_UP
 	atexit(free_memory);