From 7f0205fe2f06221d76243342d299851f48c2b83c Mon Sep 17 00:00:00 2001 From: Tomasz Kramkowski Date: Wed, 26 Jan 2022 13:01:28 +0000 Subject: [PATCH] Fail early if argc <= 0 or argv[0] is NULL Under musl optind will be 1 if getopt is called with argc == 0. Under glibc it is not quite clear what will happen and I haven't tested it. In either case, this triggers a bug where argv ends up pointing at envp and argc is set to -1 which has further unclear implications on the execution of the program. By failing early, these issues can be safely avoided. fputs and exit are used instead of errx as errx does not have the information necessary to print a meaningful program name. --- doas.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doas.c b/doas.c index ac3a42a..0ea380a 100644 --- a/doas.c +++ b/doas.c @@ -260,6 +260,11 @@ main(int argc, char **argv) const char *cwd; char **envp; + if (argc <= 0 || argv == NULL || argv[0] == NULL) { + fprintf(stderr, "doas: executed without argv\n"); + exit(1); + } + setprogname("doas"); closefrom(STDERR_FILENO + 1);