authorIvan Maidanski <ivmai@mail.ru>2016-11-15 10:48:31 +0300
committerIvan Maidanski <ivmai@mail.ru>2016-11-15 10:48:31 +0300
commitf9948563d80a4b9da069b10eac46852763aacaec (patch)
tree1e611ca9640f43e1b56d1333b3bac9eeae3fde40 /tools
parent8946b1289b4ab976588274fb850e0afa1626b678 (diff)
Suppress 'tainted string passed to vulnerable operation' false defects
* include/private/gc_priv.h (TRUSTED_STRING): New tagging macro; add comment. * misc.c (GC_init): Process the result of GETENV("GC_LOG_FILE") by TRUSTED_STRING. * tools/if_mach.c (main): Process argv[3] by TRUSTED_STRING (before passing the string to execvp). * tools/if_not_there.c (main): Declare "fname" local variable; process argv[1] and argv[2] by TRUSTED_STRING (before passing the strings to fopen/opendir and execvp, respectively).
Diffstat (limited to 'tools')
-rw-r--r--tools/if_mach.c2
-rw-r--r--tools/if_not_there.c11
2 files changed, 8 insertions, 5 deletions
diff --git a/tools/if_mach.c b/tools/if_mach.c
index f99d1649..1b12a39d 100644
--- a/tools/if_mach.c
+++ b/tools/if_mach.c
@@ -13,7 +13,7 @@ int main(int argc, char **argv)
&& strcmp(OS_TYPE, argv[2]) != 0) return(0);
fprintf(stderr, "^^^^Starting command^^^^\n");
fflush(stdout);
- execvp(argv[3], argv+3);
+ execvp(TRUSTED_STRING(argv[3]), argv+3);
perror("Couldn't execute");
Usage:
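Review bot: The `TRUSTED_STRING(argv[3])` wrapper on the execvp() call silences the analyzer's tainted-string report without recording at the call site why the argument is trusted; the same applies to `argv[1]` and `argv[2]` in tools/if_not_there.c. A short comment would keep the assumption reviewable, for example `/* argv is supplied by the build scripts that invoke this helper, not by untrusted input */`, assuming that is the intended usage, which the hunk does not show. The commit message describes TRUSTED_STRING (in include/private/gc_priv.h, not visible here) as a tagging macro, so it presumably adds no validation and the suppression is only as sound as that assumption. main() starts and ends outside this hunk.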
diff --git a/tools/if_not_there.c b/tools/if_not_there.c
index 652126d4..845b19af 100644
--- a/tools/if_not_there.c
+++ b/tools/if_not_there.c
@@ -15,27 +15,30 @@ int main(int argc, char **argv)
#ifdef __DJGPP__
DIR * d;
#endif /* __DJGPP__ */
+ char *fname;
+
if (argc < 3) goto Usage;
- f = fopen(argv[1], "rb");
+ fname = TRUSTED_STRING(argv[1]);
+ f = fopen(fname, "rb");
if (f != NULL) {
fclose(f);
return(0);
}
- f = fopen(argv[1], "r");
+ f = fopen(fname, "r");
if (f != NULL) {
fclose(f);
return(0);
}
#ifdef __DJGPP__
- if ((d = opendir(argv[1])) != 0) {
+ if ((d = opendir(fname)) != 0) {
closedir(d);
return(0);
}
#endif
printf("^^^^Starting command^^^^\n");
fflush(stdout);
- execvp(argv[2], argv+2);
+ execvp(TRUSTED_STRING(argv[2]), argv+2);
exit(1);
Usage:
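Review bot: The new local `fname` is only read by fopen() and opendir(), so it could be declared `const char *fname;`, provided the result type of TRUSTED_STRING (defined in gc_priv.h, not visible here) converts to it. Separately, a failed `execvp(TRUSTED_STRING(argv[2]), argv+2);` goes straight to `exit(1)` with no diagnostic, whereas tools/if_mach.c reports the failure; adding `perror("Couldn't execute");` before `exit(1)` would make the two helpers consistent. main() starts and ends outside this hunk.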