Fix possible memory overwrite in init_from_environment().

It was possible for a user to overwrite memory at a relative location
with 1 by passing a negative file descriptor.

diff --git a/src/trackfds.h b/src/trackfds.h
index 00b3b6e3b55da47e7c66453e609e6b7754a6071d..70751d760c68bb6ee3ad2fe924348f1ee6d3ee52 100644 (file)
--- a/src/trackfds.h
+++ b/src/trackfds.h
@@ -135,7 +135,10 @@ static void init_from_environment(void) {
         *x = 0;
 
         int fd = atoi(last);
-        if (fd < TRACKFDS_STATIC_COUNT) {
+        if (fd < 0) {
+            goto next;
+
+        } else if (fd < TRACKFDS_STATIC_COUNT) {
             tracked_fds[fd] = 1;
         } else {
             if (!tracked_fds_list) {

diff --git a/tests/Makefile.am b/tests/Makefile.am
index a42be2356ec66ce15a98bd3df860af9850c0ad0d..2a3749f73e5a7eed7ad0fe3c9103f160f2de12df 100644 (file)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,4 +1,5 @@
-TESTS = test_example.sh \
+TESTS = test_environment.sh \
+        test_example.sh \
         test_exec.sh \
         test_noforce.sh \
         test_redirects.sh \
@@ -21,6 +22,8 @@ endif
 
 dist_check_SCRIPTS = $(TESTS) lib.sh
 dist_check_DATA = example.expected \
+                  example_environment.expected \
+                  example_environment_empty.expected \
                   example_error.expected \
                   example_exec.expected \
                   example_noforce.sh \

diff --git a/tests/example_environment.expected b/tests/example_environment.expected
new file mode 120000 (symlink)
index 0000000..60fcce2
--- /dev/null
+++ b/tests/example_environment.expected
@@ -0,0 +1 @@
+example.expected
\ No newline at end of file

diff --git a/tests/example_environment_empty.expected b/tests/example_environment_empty.expected
new file mode 100644 (file)
index 0000000..2a7f5a1
--- /dev/null
+++ b/tests/example_environment_empty.expected
@@ -0,0 +1,9 @@
+write to stderr: 1
+write to stdout
+error!: Success
+write to stderr 2write to stdout 2
+
+more on stderr
+stderr ...
+more on stdout
+x

diff --git a/tests/lib.sh b/tests/lib.sh
index b1c8bc0276e22ac23215726fdb086e307ea990bb..27653f760908487ae64d793092daf4d02db00f03 100644 (file)
--- a/tests/lib.sh
+++ b/tests/lib.sh
@@ -40,6 +40,9 @@ fi
 LC_ALL=C
 unset LANGUAGE
 
+# Set default COLORED_STDERR_FDS value.
+fds=2,
+
 
 die() {
     echo "$@" >&2
@@ -75,7 +78,7 @@ run_test() {
     (
         # Standard setup.
         LD_PRELOAD="$library"
-        COLORED_STDERR_FDS=2,
+        COLORED_STDERR_FDS="$fds"
         export LD_PRELOAD
         export COLORED_STDERR_FDS
 
@@ -101,17 +104,27 @@ run_test() {
 
 test_script() {
     testcase="$1"
-    shift
-    run_test "$srcdir/$testcase" "$srcdir/$testcase.expected" "$@"
+    expected="$2"
+    shift; shift || true
+
+    if test -z "$expected"; then
+        expected="$testcase"
+    fi
+    run_test "$srcdir/$testcase" "$srcdir/$expected.expected" "$@"
 }
 test_script_subshell() {
-    test_script "$1" bash -c 'bash $1' ''
+    test_script "$1" "$2" bash -c 'bash $1' ''
 }
 test_program() {
     testcase="$1"
-    shift
-    run_test "$builddir/$testcase" "$srcdir/$testcase.expected" "$@"
+    expected="$2"
+    shift; shift || true
+
+    if test -z "$expected"; then
+        expected="$testcase"
+    fi
+    run_test "$builddir/$testcase" "$srcdir/$expected.expected" "$@"
 }
 test_program_subshell() {
-    test_program "$1" sh -c '$1' ''
+    test_program "$1" "$2" sh -c '$1' ''
 }

diff --git a/tests/test_environment.sh b/tests/test_environment.sh
new file mode 100755 (executable)
index 0000000..a530718
--- /dev/null
+++ b/tests/test_environment.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Copyright (C) 2013  Simon Ruderich
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+test "x$srcdir" = x && srcdir=.
+. "$srcdir/lib.sh"
+
+# Test unexpected values for COLORED_STDERR_FDS environment variable.
+
+# Empty fields.
+fds=
+test_program          example example_environment_empty
+test_program_subshell example example_environment_empty
+fds=,,,
+test_program          example example_environment_empty
+test_program_subshell example example_environment_empty
+fds=,,,2
+test_program          example example_environment_empty
+test_program_subshell example example_environment_empty
+fds=2,,,
+test_program          example example_environment
+test_program_subshell example example_environment
+
+# Invalid fds.
+fds=-20,-30
+test_program          example example_environment_empty
+test_program_subshell example example_environment_empty
+fds=-20,-30,2,
+test_program          example example_environment
+test_program_subshell example example_environment
+fds=-20,-30,2,-1,
+test_program          example example_environment
+test_program_subshell example example_environment