Skip to content

Commit

Permalink
Fail early if argc <= 0 or argv[0] is NULL
Browse files Browse the repository at this point in the history
Under musl optind will be 1 if getopt is called with argc == 0.
Under glibc it is not quite clear what will happen and I haven't tested
it.

In either case, this triggers a bug where argv ends up pointing at
envp and argc is set to -1 which has further unclear implications on the
execution of the program.

By failing early, these issues can be safely avoided.

fputs and exit are used instead of errx as errx does not have the
information necessary to print a meaningful program name.
  • Loading branch information
EliteTK authored and Duncaen committed Jan 26, 2022
1 parent 24b1a95 commit 7f0205f
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions doas.c
Original file line number Diff line number Diff line change
Expand Up @@ -260,6 +260,11 @@ main(int argc, char **argv)
const char *cwd;
char **envp;

if (argc <= 0 || argv == NULL || argv[0] == NULL) {
fprintf(stderr, "doas: executed without argv\n");
exit(1);
}

setprogname("doas");

closefrom(STDERR_FILENO + 1);
Expand Down

0 comments on commit 7f0205f

Please # to comment.