nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

daemon: Fix possible use-after-free. 

This is essentially a backport of
<f52b6c944e>
by Eelco Dolstra <eelco.dolstra@logicblox.com>.

The use-after-free bug would typically manifest when building with
GCC 5.1.
This commit is contained in:
Ludovic Courtès 2015-05-11 22:21:31 +02:00
parent 2320ea1a51
commit 1303a4a451
3 changed files with 26 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
nix/libstore/build.cc
View File

@ -401,18 +401,6 @@ static void commonChildInit(Pipe & logPipe)
} }
/* Convert a string list to an array of char pointers. Careful: the
string list should outlive the array. */
const char * * strings2CharPtrs(const Strings & ss)
{
const char * * arr = new const char * [ss.size() + 1];
const char * * p = arr;
foreach (Strings::const_iterator, i, ss) *p++ = i->c_str();
*p = 0;
return arr;
}
/* Restore default handling of SIGPIPE, otherwise some programs will /* Restore default handling of SIGPIPE, otherwise some programs will
randomly say "Broken pipe". */ randomly say "Broken pipe". */
static void restoreSIGPIPE() static void restoreSIGPIPE()
@ -2135,11 +2123,7 @@ void DerivationGoal::initChild()
Strings envStrs; Strings envStrs;
foreach (Environment::const_iterator, i, env) foreach (Environment::const_iterator, i, env)
envStrs.push_back(rewriteHashes(i->first + "=" + i->second, rewritesToTmp)); envStrs.push_back(rewriteHashes(i->first + "=" + i->second, rewritesToTmp));
const char * * envArr = strings2CharPtrs(envStrs); std::vector<const char *> envArr = stringsToCharPtrs(envStrs);
Path program = drv.builder.c_str();
std::vector<const char *> args; /* careful with c_str()! */
string user; /* must be here for its c_str()! */
/* If we are running in `build-users' mode, then switch to the /* If we are running in `build-users' mode, then switch to the
user we allocated above. Make sure that we drop all root user we allocated above. Make sure that we drop all root
@ -2165,17 +2149,18 @@ void DerivationGoal::initChild()
} }
/* Fill in the arguments. */ /* Fill in the arguments. */
Strings args;
string builderBasename = baseNameOf(drv.builder); string builderBasename = baseNameOf(drv.builder);
args.push_back(builderBasename.c_str()); args.push_back(builderBasename.c_str());
foreach (Strings::iterator, i, drv.args) foreach (Strings::iterator, i, drv.args)
args.push_back(rewriteHashes(*i, rewritesToTmp).c_str()); args.push_back(rewriteHashes(*i, rewritesToTmp));
args.push_back(0); std::vector<const char *> argArr = stringsToCharPtrs(args);
restoreSIGPIPE(); restoreSIGPIPE();
/* Execute the program. This should not return. */ /* Execute the program. This should not return. */
inSetup = false; inSetup = false;
execve(program.c_str(), (char * *) &args[0], (char * *) envArr); execve(drv.builder.c_str(), (char * *) &argArr[0], (char * *) &envArr[0]);
throw SysError(format("executing `%1%'") % drv.builder); throw SysError(format("executing `%1%'") % drv.builder);
@ -2778,7 +2763,7 @@ void SubstitutionGoal::tryToRun()
args.push_back("--substitute"); args.push_back("--substitute");
args.push_back(storePath); args.push_back(storePath);
args.push_back(destPath); args.push_back(destPath);
const char * * argArr = strings2CharPtrs(args); std::vector<const char *> argArr = stringsToCharPtrs(args);
/* Fork the substitute program. */ /* Fork the substitute program. */
pid = maybeVfork(); pid = maybeVfork();
@ -2796,7 +2781,7 @@ void SubstitutionGoal::tryToRun()
if (dup2(outPipe.writeSide, STDOUT_FILENO) == -1) if (dup2(outPipe.writeSide, STDOUT_FILENO) == -1)
throw SysError("cannot dup output pipe into stdout"); throw SysError("cannot dup output pipe into stdout");
execv(sub.c_str(), (char * *) argArr); execv(sub.c_str(), (char * *) &argArr[0]);
throw SysError(format("executing `%1%'") % sub); throw SysError(format("executing `%1%'") % sub);

20
nix/libutil/util.cc
View File

@ -852,16 +852,20 @@ void killUser(uid_t uid)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
std::vector<const char *> stringsToCharPtrs(const Strings & ss)
{
std::vector<const char *> res;
foreach (Strings::const_iterator, i, ss)
res.push_back(i->c_str());
res.push_back(0);
return res;
}
string runProgram(Path program, bool searchPath, const Strings & args) string runProgram(Path program, bool searchPath, const Strings & args)
{ {
checkInterrupt(); checkInterrupt();
std::vector<const char *> cargs; /* careful with c_str()! */
cargs.push_back(program.c_str());
for (Strings::const_iterator i = args.begin(); i != args.end(); ++i)
cargs.push_back(i->c_str());
cargs.push_back(0);
/* Create a pipe. */ /* Create a pipe. */
Pipe pipe; Pipe pipe;
pipe.create(); pipe.create();
@ -880,6 +884,10 @@ string runProgram(Path program, bool searchPath, const Strings & args)
if (dup2(pipe.writeSide, STDOUT_FILENO) == -1) if (dup2(pipe.writeSide, STDOUT_FILENO) == -1)
throw SysError("dupping stdout"); throw SysError("dupping stdout");
Strings args_(args);
args_.push_front(program);
auto cargs = stringsToCharPtrs(args_);
if (searchPath) if (searchPath)
execvp(program.c_str(), (char * *) &cargs[0]); execvp(program.c_str(), (char * *) &cargs[0]);
else else

5
nix/libutil/util.hh
View File

@ -257,6 +257,11 @@ void killUser(uid_t uid);
string runProgram(Path program, bool searchPath = false, string runProgram(Path program, bool searchPath = false,
const Strings & args = Strings()); const Strings & args = Strings());
/* Convert a list of strings to a null-terminated vector of char
*'s. The result must not be accessed beyond the lifetime of the
list of strings. */
std::vector<const char *> stringsToCharPtrs(const Strings & ss);
/* Close all file descriptors except stdin, stdout, stderr, and those /* Close all file descriptors except stdin, stdout, stderr, and those
listed in the given set. Good practice in child processes. */ listed in the given set. Good practice in child processes. */
void closeMostFDs(const set<int> & exceptions); void closeMostFDs(const set<int> & exceptions);