September 28, 2006 [Issue 385] New: unprotected command line parsing

http://d.puremagic.com/issues/show_bug.cgi?id=385

               Summary: unprotected command line parsing
               Product: D
               Version: 0.167
              Platform: PC
            OS/Version: All
                Status: NEW
              Keywords: patch
              Severity: normal
              Priority: P2
             Component: DMD
            AssignedTo: bugzilla@digitalmars.com
            ReportedBy: thomas-dloop@kuehne.cn

DMD-0.167's argument parsing is unprotected against malicious command line arguments.

Sample exploits:

    #
    # #include <unistd.h>
    # #include <stdlib.h>
    #
    # // sample 1
    # execve("dmd", NULL, NULL);
    #
    # // sample 2
    # char** arg = malloc(sizeof(char*));
    # arg[0] = NULL;
    # execve("dmd", arg, NULL);
    #

mars.c's current code:

    #
    # int status = EXIT_SUCCESS;
    # int argcstart = argc;
    #
    # // Initialization
    # Type::init();
    # Id::initialize();
    #

Suggested fix:

    #
    # int status = EXIT_SUCCESS;
    # int argcstart = argc;
    #
    # // protect against malicious arguments
    # if (argc < 1 || !argv)
    # {   usage();
    #     exit(EXIT_FAILURE);
    # }
    # for (i = 0; i < argc; i++)
    # {
    #     if (!argv[i])
    #     {   usage();
    #         exit(EXIT_FAILURE);
    #     }
    # }
    #
    # // Initialization
    # Type::init();
    # Id::initialize();
    #

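An added example, not part of the original report or of DMD's source: the checks from the suggested fix as a reusable function, next to the kind of unchecked `argv[0]` use they protect. The names `args_check`, `progname_unchecked` and `progname_checked` and the fallback name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; none of this is from mars.c. */
enum args_status { ARGS_OK, ARGS_NO_VECTOR, ARGS_EMPTY, ARGS_NULL_ENTRY };

/* The checks from the suggested fix, reporting a reason instead of exiting. */
enum args_status args_check(int argc, char **argv)
{
    if (!argv)
        return ARGS_NO_VECTOR;
    if (argc < 1)
        return ARGS_EMPTY;      /* argc == 0: empty vector, as in sample 2 */
    for (int i = 0; i < argc; i++)
        if (!argv[i])
            return ARGS_NULL_ENTRY;
    return ARGS_OK;
}

/* Unchecked pattern: argv[0] is NULL when argc == 0, so strrchr() is
   handed a null pointer (undefined behaviour, typically a crash). */
const char *progname_unchecked(int argc, char **argv)
{
    (void)argc;
    const char *slash = strrchr(argv[0], '/');
    return slash ? slash + 1 : argv[0];
}

/* Guarded form: validate first, fall back to a fixed name on failure. */
const char *progname_checked(int argc, char **argv, const char *fallback)
{
    if (args_check(argc, argv) != ARGS_OK)
        return fallback;
    return progname_unchecked(argc, argv);
}

int main(int argc, char **argv)
{
    enum args_status st = args_check(argc, argv);
    if (st != ARGS_OK) {
        fprintf(stderr, "rejected argument vector (reason %d)\n", (int)st);
        return 1;
    }
    printf("%s: %d argument(s) accepted\n",
           progname_checked(argc, argv, "driver"), argc - 1);
    return 0;
}
```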
October 05, 2006 [Issue 385] unprotected command line parsing

Posted in reply to d-bugmail

http://d.puremagic.com/issues/show_bug.cgi?id=385

bugzilla@digitalmars.com changed:

               What    |Removed                     |Added
    ----------------------------------------------------------------------------
                 Status|NEW                         |RESOLVED
             Resolution|                            |FIXED

------- Comment #1 from bugzilla@digitalmars.com 2006-10-04 19:55 -------
Fixed DMD 0.168

Copyright © 1999-2021 by the D Language Foundation