From: Denys Vlasenko Date: Tue, 12 Jan 2010 18:28:10 +0000 (+0100) Subject: hush: fix potential buffer overflow on NOMMU X-Git-Tag: 1_16_0~56 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6c93b24ce9dfb5c3970178ca2545502a7830716c;p=oweals%2Fbusybox.git hush: fix potential buffer overflow on NOMMU Signed-off-by: Denys Vlasenko --- diff --git a/shell/hush.c b/shell/hush.c index 8de8d3c2a..88a7b988a 100644 --- a/shell/hush.c +++ b/shell/hush.c @@ -2919,7 +2919,9 @@ static void re_execute_shell(char ***to_free, const char *s, char *g_argv0, char **g_argv, char **builtin_argv) { - char param_buf[sizeof("-$%x:%x:%x:%x:%x") + sizeof(unsigned) * 2]; +#define NOMMU_HACK_FMT ("-$%x:%x:%x:%x:%x:%llx" IF_HUSH_LOOPS(":%x")) + /* delims + 2 * (number of bytes in printed hex numbers) */ + char param_buf[sizeof(NOMMU_HACK_FMT) + 2 * (sizeof(int)*6 + sizeof(long long)*1)]; char *heredoc_argv[4]; struct variable *cur; # if ENABLE_HUSH_FUNCTIONS @@ -2953,7 +2955,7 @@ static void re_execute_shell(char ***to_free, const char *s, } } - sprintf(param_buf, "-$%x:%x:%x:%x:%x:%llx" IF_HUSH_LOOPS(":%x") + sprintf(param_buf, NOMMU_HACK_FMT , (unsigned) G.root_pid , (unsigned) G.root_ppid , (unsigned) G.last_bg_pid @@ -2962,7 +2964,8 @@ static void re_execute_shell(char ***to_free, const char *s, , empty_trap_mask IF_HUSH_LOOPS(, G.depth_of_loop) ); - /* 1:hush 2:-$::: +#undef NOMMU_HACK_FMT + /* 1:hush 2:-$::: * 3:-c 4: 5: 6:NULL */ cnt += 6;