www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 385] New: unprotected command line parsing

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=385

           Summary: unprotected command line parsing
           Product: D
           Version: 0.167
          Platform: PC
        OS/Version: All
            Status: NEW
          Keywords: patch
          Severity: normal
          Priority: P2
         Component: DMD
        AssignedTo: bugzilla digitalmars.com
        ReportedBy: thomas-dloop kuehne.cn


DMD-0.167's argument parsing is unprotected against malicious command line
arguments.

Sample exploits:
#
# #include <unistd.h>
# #include <stdlib.h>
# 
# // sample 1
# execve("dmd", NULL, NULL);
#
# // sample 2
# char** arg = malloc(sizeof(char*));
# arg[0] = NULL;
# execve("dmd", arg, NULL);
#

mars.c's current code:
#
#     int status = EXIT_SUCCESS;

#     int argcstart = argc;

# 

#     // Initialization

#     Type::init();

#     Id::initialize();

#

Suggested fix:
#
#     int status = EXIT_SUCCESS;

#     int argcstart = argc;

# 

#     // protect against malicious arguments

#     if (argc < 1 || !argv)

#     { usage();

#       exit(EXIT_FAILURE);

#     }

#     for (i = 0; i < argc; i++)

#     {

#       if (!argv[i])

#       {   usage();

#           exit(EXIT_FAILURE);

#       }

#     }

#

#     // Initialization

#     Type::init();

#     Id::initialize();

#


-- 
Sep 28 2006
parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=385


bugzilla digitalmars.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Comment #1 from bugzilla digitalmars.com  2006-10-04 19:55 -------
Fixed DMD 0.168


-- 
Oct 04 2006