luo980/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,704 Commits 13 Branches 240 Tags 29 MiB
v0.8
Commit Graph

4 Commits

Author SHA1 Message Date
Ben Noordhuis
94355e4718 unix: fix format string vulnerability in freebsd.c 
uv_set_process_title() was susceptible to a format string vulnerability:

  $ node -e 'process.title = Array(42).join("%s")'
  Segmentation fault: 11 (core dumped)

The fix is trivial - call setproctitle("%s", s) instead of setproctitle(s) -
but valgrind complains loudly about reads from and writes to uninitialized
memory in libc. It's not a libuv bug because the test case below triggers the
same warnings:

  #include <sys/types.h>
  #include <unistd.h>

  int main(void)
  {
    setproctitle("%s", "test");
    return 0;
  }

That's why this commit replaces setproctitle() with sysctl(KERN_PROC_ARGS).

This commit reapplies commit a9f6f06, which got reverted in 69a6afe. The revert
turned out to be unnecessary.
 2012-07-19 16:26:54 +02:00
Ben Noordhuis
69a6afea63 unix: undo changes to uv_set_process_title() 
It's making node.js crash when run as root. Backtrace:

  (gdb) bt
  #0  0x00007fff856e3ff9 in __findenv ()
  #1  0x00007fff856e404c in getenv ()
  #2  0x000000010004c850 in loop_init (loop=0x10045a792, flags=8) at ev.c:1707
  #3  0x000000010004cb3b in ev_backend [inlined] () at /Users/tjfontaine/Development/node/deps/uv/src/unix/ev/ev.c:2090
  #4  0x000000010004cb3b in ev_default_loop (flags=1606417108) at ev.c:2092
  #5  0x000000010004e5c6 in uv__loop_init (loop=0x10066e330, default_loop=1) at loop.c:52
  #6  0x0000000100044367 in uv_default_loop () at core.c:196
  #7  0x0000000100004625 in node::Init (argc=1606417456, argv=0x100b0f490) at node.cc:2761
  #8  0x000000010000797d in node::Start (argc=1606417600, argv=0x0) at node.cc:2888
  #9  0x0000000100000ca4 in start ()

This reverts commits:

  b49d6f7 unix: fix uv_set_process_title()
  a9f6f06 unix: fix format string vulnerability in freebsd.c
  a87abc7 unix: avoid buffer overflow in proctitle.c
  dc97d44 unix: move uv_set_process_title() to proctitle.c
 2012-07-18 22:54:39 +02:00
Ben Noordhuis
a9f6f06fea unix: fix format string vulnerability in freebsd.c 
uv_set_process_title() was susceptible to a format string vulnerability:

  $ node -e 'process.title = Array(42).join("%s")'
  Segmentation fault: 11 (core dumped)

The fix is trivial - call setproctitle("%s", s) instead of setproctitle(s) -
but valgrind complains loudly about reads from and writes to uninitialized
memory in libc. It's not a libuv bug because the test case below triggers the
same warnings:

  #include <stdio.h>
  #include <stdlib.h>
  #include <sys/types.h>
  #include <unistd.h>

  int main(void)
  {
    setproctitle("%s", "test");
    return 0;
  }

That's why this commit replaces setproctitle() with sysctl(KERN_PROC_ARGS).
 2012-07-13 17:16:38 +02:00
Igor Zinkovsky
3d189de699 platform api 2011-12-14 17:50:36 -08:00