← Back to index
|
Original Bugzilla link
Bug 385 – unprotected command line parsing
Status
RESOLVED
Resolution
FIXED
Severity
normal
Priority
P2
Component
dmd
Product
D
Version
D1 (retired)
Platform
x86
OS
All
Creation time
2006-09-28T13:30:00Z
Last change time
2014-02-15T13:21:56Z
Keywords
patch
Assigned to
bugzilla
Creator
thomas-dloop
Comments
Comment #0
by thomas-dloop — 2006-09-28T13:30:15Z
DMD-0.167's argument parsing is unprotected against malicious command line arguments. Sample exploits: # # #include <unistd.h> # #include <stdlib.h> # # // sample 1 # execve("dmd", NULL, NULL); # # // sample 2 # char** arg = malloc(sizeof(char*)); # arg[0] = NULL; # execve("dmd", arg, NULL); # mars.c's current code: # # int status = EXIT_SUCCESS; # int argcstart = argc; # # // Initialization # Type::init(); # Id::initialize(); # Suggested fix: # # int status = EXIT_SUCCESS; # int argcstart = argc; # # // protect against malicious arguments # if (argc < 1 || !argv) # { usage(); # exit(EXIT_FAILURE); # } # for (i = 0; i < argc; i++) # { # if (!argv[i]) # { usage(); # exit(EXIT_FAILURE); # } # } # # // Initialization # Type::init(); # Id::initialize(); #
Comment #1
by bugzilla — 2006-10-04T19:55:20Z
Fixed DMD 0.168