[krbdev.mit.edu #8661] git commit

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8661] git commit

Jeffrey Arbuckle via RT

Check for zero argc in ksu

Most programs in the tree will perform a null dereference when argc is
zero, but as a setuid program ksu should be extra careful about memory
errors, even if this one is harmless.  Check and exit with status 1
immediately.

https://github.com/krb5/krb5/commit/c5b0a998d6349f8c90821a347db5666aed0e50eb
Author: Greg Hudson <[hidden email]>
Commit: c5b0a998d6349f8c90821a347db5666aed0e50eb
Branch: master
 src/clients/ksu/main.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #8661] git commit

Jeffrey Arbuckle via RT
A comment regarding the git commit:

https://github.com/krb5/krb5/commit/c5b0a998d6349f8c90821a347db5666aed0e50eb

The check for argc == 0 happens after the first use of argv[0].
Why not place the if statement right in the start of main()?

On Tue, Apr 24, 2018 at 10:10 PM, Greg Hudson via RT
<[hidden email]> wrote:

>
> Check for zero argc in ksu
>
> Most programs in the tree will perform a null dereference when argc is
> zero, but as a setuid program ksu should be extra careful about memory
> errors, even if this one is harmless.  Check and exit with status 1
> immediately.
>
> https://github.com/krb5/krb5/commit/c5b0a998d6349f8c90821a347db5666aed0e50eb
> Author: Greg Hudson <[hidden email]>
> Commit: c5b0a998d6349f8c90821a347db5666aed0e50eb
> Branch: master
>  src/clients/ksu/main.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
>

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #8661] git commit

Jeffrey Arbuckle via RT
In reply to this post by Jeffrey Arbuckle via RT
A comment regarding the git commit:

https://github.com/krb5/krb5/commit/c5b0a998d6349f8c90821a347db5666aed0e50eb

The check for argc == 0 happens after the first use of argv[0].
Why not place the if statement right in the start of main()?

On Tue, Apr 24, 2018 at 10:10 PM, Greg Hudson via RT
<[hidden email]> wrote:

>
> Check for zero argc in ksu
>
> Most programs in the tree will perform a null dereference when argc is
> zero, but as a setuid program ksu should be extra careful about memory
> errors, even if this one is harmless.  Check and exit with status 1
> immediately.
>
> https://github.com/krb5/krb5/commit/c5b0a998d6349f8c90821a347db5666aed0e50eb
> Author: Greg Hudson <[hidden email]>
> Commit: c5b0a998d6349f8c90821a347db5666aed0e50eb
> Branch: master
>  src/clients/ksu/main.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
>

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs