From 9abea1d6f3651ac6a929bf18a6feb97767cbdb60 Mon Sep 17 00:00:00 2001 From: Tomasz Kramkowski Date: Wed, 26 Jan 2022 13:01:28 +0000 Subject: [PATCH] Fail early if argc <= 0 or argv[0] is NULL Under musl optind will be 1 if getopt is called with argc == 0. Under glibc it is not quite clear what will happen and I haven't tested it. In either case, this triggers a bug where argv ends up pointing at envp and argc is set to -1 which has further unclear implications on the execution of the program. By failing early, these issues can be safely avoided. fputs and exit are used instead of errx as errx does not have the information necessary to print a meaningful program name. --- doas.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doas.c b/doas.c index ac3a42a..8141102 100644 --- a/doas.c +++ b/doas.c @@ -262,6 +262,11 @@ main(int argc, char **argv) setprogname("doas"); + if (argc <= 0 || argv[0] == NULL) { + fputs("doas: executed without argv[0]\n", stderr); + exit(1); + } + closefrom(STDERR_FILENO + 1); uid = getuid();