From freefall.cdrom.com!owner-freebsd-hackers Wed Aug 24 03:52:36 1994
Return-Path: <owner-freebsd-hackers@freefall.cdrom.com>
Received: from freefall.cdrom.com by tfs.com (smail3.1.28.1) with SMTP
	id m0qdFwU-0003vxa; Wed, 24 Aug 94 03:52 PDT
Received: (from root@localhost) by freefall.cdrom.com (8.6.8/8.6.6) id DAA09944 for freebsd-hackers-outgoing; Wed, 24 Aug 1994 03:49:44 -0700
Received: from Root.COM (implode.Root.COM [198.145.90.241]) by freefall.cdrom.com (8.6.8/8.6.6) with ESMTP id DAA09938 for <freebsd-hackers@freefall.cdrom.com>; Wed, 24 Aug 1994 03:49:40 -0700
Received: from corbin.Root.COM (corbin.Root.COM [198.145.90.2]) by Root.COM (8.6.8/8.6.5) with ESMTP id DAA00168; Wed, 24 Aug 1994 03:49:58 -0700
Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.9/8.6.5) with SMTP id DAA02545; Wed, 24 Aug 1994 03:49:16 -0700
Message-Id: <199408241049.DAA02545@corbin.Root.COM>
X-Authentication-Warning: corbin.Root.COM: Host localhost didn't use HELO protocol
To: Armin Gruner <gruner@informatik.tu-muenchen.de>
cc: freebsd-hackers@freefall.cdrom.com, batie@agora.rdrop.com, marc@dev.com
Subject: Re: Strangeness of execv()  (FIX!!!)
In-reply-to: Your message of "Wed, 10 Aug 94 19:25:25 +0200."
             <Pine.3.89.9408101801.A13689-0100000@hprbg5.informatik.tu-muenchen.de> 
From: David Greenman <davidg@Root.COM>
Reply-To: davidg@Root.COM
Date: Wed, 24 Aug 1994 03:49:12 -0700
Sender: freebsd-hackers-owner@freefall.cdrom.com
Precedence: bulk
Status: RO

>I'm not quite sure where reports for 1.1.5[.1] should still be make
>it into here, but.. >:-)
>
>The following (errorneous) code makes a 1.1.5 kernel rebooting, without a 
>panic:

   Sorry it took so long for me to get to looking at this; I've been busy
with 2.0 this has had to sit on the back "burner" for a bit. The reboot
was caused by not handling the EFAULT error return from the copyinstr()
function. I've attached a patch.

   EVERYONE: Consider the following patch VERY important; I highly recommend
it be applied as soon as possible.

-DG

Index: kern/kern_execve.c
===================================================================
RCS file: /home/cvs/386BSD/src/sys/kern/kern_execve.c,v
retrieving revision 1.20
diff -c -r1.20 src/sys/kern/kern_execve.c
*** 1.20	1994/03/26 12:24:27
--- src/sys/kern/kern_execve.c	1994/08/24 10:39:34
***************
*** 360,366 ****
  {
  	char	**argv, **envv;
  	char	*argp, *envp;
! 	int	length;
  
  	/*
  	 * extract arguments first
--- 360,366 ----
  {
  	char	**argv, **envv;
  	char	*argp, *envp;
! 	int	error, length;
  
  	/*
  	 * extract arguments first
***************
*** 368,384 ****
  
  	argv = iparams->uap->argv; 
  
! 	if (argv)
  		while (argp = (caddr_t) fuword(argv++)) {
  			if (argp == (caddr_t) -1)
  				return (EFAULT);
! 			if (copyinstr(argp, iparams->stringp, iparams->stringspace,
! 				&length) == ENAMETOOLONG)
  					return(E2BIG);
  			iparams->stringspace -= length;
  			iparams->stringp += length;
  			iparams->argc++;
  		}
  
  	/*
  	 * extract environment strings
--- 368,388 ----
  
  	argv = iparams->uap->argv; 
  
! 	if (argv) {
  		while (argp = (caddr_t) fuword(argv++)) {
  			if (argp == (caddr_t) -1)
  				return (EFAULT);
! 			if (error = copyinstr(argp, iparams->stringp,
! 			    iparams->stringspace, &length)) {
! 				if (error == ENAMETOOLONG)
  					return(E2BIG);
+ 				return (error);
+ 			}
  			iparams->stringspace -= length;
  			iparams->stringp += length;
  			iparams->argc++;
  		}
+ 	}
  
  	/*
  	 * extract environment strings
***************
*** 386,402 ****
  
  	envv = iparams->uap->envv; 
  
! 	if (envv)
  		while (envp = (caddr_t) fuword(envv++)) {
  			if (envp == (caddr_t) -1)
  				return (EFAULT);
! 			if (copyinstr(envp, iparams->stringp, iparams->stringspace,
! 				&length) == ENAMETOOLONG)
  					return(E2BIG);
  			iparams->stringspace -= length;
  			iparams->stringp += length;
  			iparams->envc++;
  		}
  
  	return (0);
  }
--- 390,410 ----
  
  	envv = iparams->uap->envv; 
  
! 	if (envv) {
  		while (envp = (caddr_t) fuword(envv++)) {
  			if (envp == (caddr_t) -1)
  				return (EFAULT);
! 			if (error = copyinstr(envp, iparams->stringp,
! 			    iparams->stringspace, &length)) {
! 				if (error == ENAMETOOLONG)
  					return(E2BIG);
+ 				return (error);
+ 			}
  			iparams->stringspace -= length;
  			iparams->stringp += length;
  			iparams->envc++;
  		}
+ 	}
  
  	return (0);
  }