-rw-r--r-- | include/private/gc_priv.h | 5 | ||||
-rw-r--r-- | misc.c | 2 | ||||
-rw-r--r-- | tools/if_mach.c | 2 | ||||
-rw-r--r-- | tools/if_not_there.c | 11 |
4 files changed, 14 insertions, 6 deletions
diff --git a/include/private/gc_priv.h b/include/private/gc_priv.h index 73eb48cd..979b27fa 100644 --- a/include/private/gc_priv.h +++ b/include/private/gc_priv.h @@ -565,6 +565,11 @@ GC_EXTERN GC_warn_proc GC_current_warn_proc; # define WARN_PRIdPTR "ld" #endif +/* A tagging macro (for a code static analyzer) to indicate that the */ +/* string obtained from an untrusted source (e.g., argv[], getenv) is */ +/* safe to use in a vulnerable operation (e.g., open, exec). */ +#define TRUSTED_STRING(s) (s) + /* Get environment entry */ #ifdef GC_READ_ENV_FILE GC_INNER char * GC_envfile_getenv(const char *name); @@ -969,7 +969,7 @@ GC_API void GC_CALL GC_init(void) # if (defined(UNIX_LIKE) && !defined(GC_ANDROID_LOG)) \ || defined(CYGWIN32) || defined(SYMBIAN) { - char * file_name = GETENV("GC_LOG_FILE"); + char * file_name = TRUSTED_STRING(GETENV("GC_LOG_FILE")); # ifdef GC_LOG_TO_FILE_ALWAYS if (NULL == file_name) file_name = GC_LOG_STD_NAME; diff --git a/tools/if_mach.c b/tools/if_mach.c index f99d1649..1b12a39d 100644 --- a/tools/if_mach.c +++ b/tools/if_mach.c @@ -13,7 +13,7 @@ int main(int argc, char **argv) && strcmp(OS_TYPE, argv[2]) != 0) return(0); fprintf(stderr, "^^^^Starting command^^^^\n"); fflush(stdout); - execvp(argv[3], argv+3); + execvp(TRUSTED_STRING(argv[3]), argv+3); perror("Couldn't execute"); Usage: diff --git a/tools/if_not_there.c b/tools/if_not_there.c index 652126d4..845b19af 100644 --- a/tools/if_not_there.c +++ b/tools/if_not_there.c 
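Review bot: The comment on `TRUSTED_STRING` in gc_priv.h reads as if the macro makes the string safe, but the definition `(s)` is an identity that performs no check; it only marks the call site for the analyzer. I would add a line such as `/* Performs no validation; each use must say why the value is trusted. */` so that later uses are not mistaken for sanitization. Because the tag suppresses a finding rather than fixing one, each new occurrence deserves a look in review.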
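Review bot: Tagging `GETENV("GC_LOG_FILE")` as trusted in GC_init hides a case where the value is not trustworthy: a set-uid or set-gid program linked with the collector inherits this variable from the invoking user. The code that opens file_name is outside the hunk, so how the path is opened cannot be confirmed here, but if it creates or truncates the file, that would happen with the program's privileges. Either record the assumption at this line, e.g. `/* Assumes the environment is controlled by the process owner; not for set-uid use. */`, or ignore the variable when the real and effective ids differ.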
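Review bot: The call `execvp(TRUSTED_STRING(argv[3]), argv+3)` gives no reason why argv is trusted at this point, and the same holds for `argv[1]` and `argv[2]` in tools/if_not_there.c. Presumably these are build-time helpers whose arguments come from the project's own makefiles; a short comment next to the tag, such as `/* argv is supplied by the build scripts */`, would record that basis. Only the program name is tagged while `argv+3` is passed through as is, so an analyzer may still report the argument vector. main's argc check and the rest of its body are outside the hunk.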
@@ -15,27 +15,30 @@ int main(int argc, char **argv) #ifdef __DJGPP__ DIR * d; #endif /* __DJGPP__ */ + char *fname; + if (argc < 3) goto Usage; - f = fopen(argv[1], "rb"); + fname = TRUSTED_STRING(argv[1]); + f = fopen(fname, "rb"); if (f != NULL) { fclose(f); return(0); } - f = fopen(argv[1], "r"); + f = fopen(fname, "r"); if (f != NULL) { fclose(f); return(0); } #ifdef __DJGPP__ - if ((d = opendir(argv[1])) != 0) { + if ((d = opendir(fname)) != 0) { closedir(d); return(0); } #endif printf("^^^^Starting command^^^^\n"); fflush(stdout); - execvp(argv[2], argv+2); + execvp(TRUSTED_STRING(argv[2]), argv+2); exit(1); Usage: |
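Review bot: The new local `char *fname;` is only read after its assignment, so it could be declared `const char *fname;`, which matches the parameter types of fopen and opendir and rules out an accidental write through the tagged pointer. The tag on `argv[2]` is applied inline while `argv[1]` gets a named local; a matching local for the command name would make the two uses read the same. main starts and ends outside the hunk.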