luo980/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
94355e4718
libuv/src/unix
History
Ben Noordhuis 94355e4718 unix: fix format string vulnerability in freebsd.c 
uv_set_process_title() was susceptible to a format string vulnerability:

  $ node -e 'process.title = Array(42).join("%s")'
  Segmentation fault: 11 (core dumped)

The fix is trivial - call setproctitle("%s", s) instead of setproctitle(s) -
but valgrind complains loudly about reads from and writes to uninitialized
memory in libc. It's not a libuv bug because the test case below triggers the
same warnings:

  #include <sys/types.h>
  #include <unistd.h>

  int main(void)
  {
    setproctitle("%s", "test");
    return 0;
  }

That's why this commit replaces setproctitle() with sysctl(KERN_PROC_ARGS).

This commit reapplies commit a9f6f06, which got reverted in 69a6afe. The revert
turned out to be unnecessary.
2012-07-19 16:26:54 +02:00
..
eio eio: don't use futimes() on linux 2012-02-06 20:35:56 +01:00
ev unix: fix memory leak in libev 2012-06-14 04:03:05 +02:00
linux unix: undo changes to uv_set_process_title() 2012-07-18 22:54:39 +02:00
async.c unix: implement async handles in libuv 2012-06-11 04:19:31 +02:00
core.c unix: fix 'zero handles, one request' busy loop 2012-07-01 23:59:30 +02:00
cygwin.c unix, test: make NANOSEC a 64 bits unsigned int 2012-06-07 17:00:01 +02:00
darwin.c unix: undo changes to uv_set_process_title() 2012-07-18 22:54:39 +02:00
dl.c unix: assume that dlopen() clobbers dlerror() 2012-06-28 01:54:02 +02:00
error.c unix: map ENODEV to UV_ENODEV 2012-06-26 17:33:29 +02:00
freebsd.c unix: fix format string vulnerability in freebsd.c 2012-07-19 16:26:54 +02:00
fs.c unix, windows: rework reference counting scheme 2012-05-17 07:07:53 +02:00
internal.h unix: revert 0971598, obsoleted by 889ab21 2012-07-02 00:00:20 +02:00
kqueue.c unix, windows: rework reference counting scheme 2012-05-17 07:07:53 +02:00
loop-watcher.c unix: split up loop.c 2012-05-23 23:47:06 +02:00
loop.c unix: implement async handles in libuv 2012-06-11 04:19:31 +02:00
netbsd.c unix, test: make NANOSEC a 64 bits unsigned int 2012-06-07 17:00:01 +02:00
openbsd.c unix: undo changes to uv_set_process_title() 2012-07-18 22:54:39 +02:00
pipe.c unix: fix uv_pipe_connect() with existing fd 2012-07-19 16:25:49 +02:00
poll.c unix: fix uv_poll CPU usage spike 2012-05-23 12:52:44 +02:00
process.c unix: always set CLOEXEC flag for child process stdio FDs 2012-06-14 18:29:47 +02:00
stream.c unix: revert 0971598, obsoleted by 889ab21 2012-07-02 00:00:20 +02:00
sunos.c unix: undo changes to uv_set_process_title() 2012-07-18 22:54:39 +02:00
tcp.c unix: revert 0971598, obsoleted by 889ab21 2012-07-02 00:00:20 +02:00
thread.c unix: thread: use mach semaphores on osx 2012-07-10 14:14:50 +02:00
timer.c unix: implement timers in libuv 2012-05-31 03:08:34 +02:00
tty.c unix: turn field stream->blocking into a flag 2012-05-23 22:48:57 +02:00
udp.c unix: move memset out of recvmsg inner loop 2012-06-05 15:42:20 +02:00
uv-eio.c unix: uv_async handles should not be unref'ed automatically 2012-06-10 02:25:20 +02:00
uv-eio.h move eio stuff into src/unix 2011-08-31 00:24:07 -07:00