From 5f6f9a1beab327be2728d44c1996408176f6800e Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 11 May 2016 09:18:14 +0100 Subject: Wrapper: allocate new environment dynamically Otherwise, if third-party plugins extend newenviron by more than 3 entries, we could overflow the array. It seems unlikely that any third-party plugin manipulates newenviron in practice, so this is mostly theoretical. Just in case, I have deliberately avoided using "i" as the variable name, so that any third-party plugin that was manipulating newenviron directly will now result in the wrapper failing to compile. I have not assumed that realloc(NULL, ...) works as an equivalent of malloc(...), in case there are still operating systems where that doesn't work. --- IkiWiki/Wrapper.pm | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) (limited to 'IkiWiki/Wrapper.pm') diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm index 69500029c..a8de39eea 100644 --- a/IkiWiki/Wrapper.pm +++ b/IkiWiki/Wrapper.pm @@ -52,7 +52,6 @@ sub gen_wrapper () { HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS HTTP_HOST SERVER_PORT HTTPS HTTP_ACCEPT REDIRECT_URL} if $config{cgi}; - my $envsize=$#envsave; my $envsave=""; foreach my $var (@envsave) { $envsave.=<<"EOF"; @@ -65,7 +64,6 @@ EOF my $val=$config{ENV}{$key}; utf8::encode($val) if utf8::is_utf8($val); $val =~ s/([^A-Za-z0-9])/sprintf '""\\x%02x""', ord($1)/ge; - $envsize += 1; $envsave.=<<"EOF"; addenv("$key", "$val"); EOF @@ -184,18 +182,33 @@ EOF #include extern char **environ; -char *newenviron[$envsize+7]; -int i=0; +int newenvironlen=0; +/* Array of length newenvironlen+1 (+1 for NULL) */ +char **newenviron=NULL; void addenv(char *var, char *val) { - char *s=malloc(strlen(var)+1+strlen(val)+1); + char *s; + + if (newenviron) { + newenviron=realloc(newenviron, (newenvironlen+2) * sizeof(char *)); + } + else { + newenviron=calloc(newenvironlen+2, sizeof(char *)); + } + + if (!newenviron) { + perror("realloc"); + exit(1); + } + + s=malloc(strlen(var)+1+strlen(val)+1); if (!s) { perror("malloc"); exit(1); } else { sprintf(s, "%s=%s", var, val); - newenviron[i++]=s; + newenviron[newenvironlen++]=s; } } @@ -215,9 +228,9 @@ int main (int argc, char **argv) { $check_commit_hook @wrapper_hooks $envsave - newenviron[i++]="HOME=$ENV{HOME}"; - newenviron[i++]="PATH=$ENV{PATH}"; - newenviron[i++]="WRAPPED_OPTIONS=$configstring"; + addenv("HOME", "$ENV{HOME}"); + addenv("PATH", "$ENV{PATH}"); + addenv("WRAPPED_OPTIONS", "$configstring"); #ifdef __TINYC__ /* old tcc versions do not support modifying environ directly */ @@ -225,10 +238,10 @@ $envsave perror("clearenv"); exit(1); } - for (; i>0; i--) - putenv(newenviron[i-1]); + for (; newenvironlen>0; newenvironlen--) + putenv(newenviron[newenvironlen-1]); #else - newenviron[i]=NULL; + newenviron[newenvironlen]=NULL; environ=newenviron; #endif -- cgit v1.2.3