From 9fa95d5b45369acfdd38923e8618e94e5d04b07e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 18 May 2019 11:40:26 -0700 Subject: [PATCH] lib: util: Finally remove possibilities of using sys_popen() unsafely. All code now uses sys_popenv() which is much harder to use incorrectly. Remove the extract_args() function that was the cause of possible issues. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- lib/util/sys_popen.c | 95 -------------------------------------------- lib/util/sys_popen.h | 1 - 2 files changed, 96 deletions(-) diff --git a/lib/util/sys_popen.c b/lib/util/sys_popen.c index 65040508c81..659e99ba736 100644 --- a/lib/util/sys_popen.c +++ b/lib/util/sys_popen.c @@ -24,77 +24,6 @@ #include "lib/util/sys_popen.h" #include "lib/util/debug.h" -/************************************************************************** - Extract a command into an arg list. -****************************************************************************/ - -static char **extract_args(TALLOC_CTX *mem_ctx, const char *command) -{ - char *trunc_cmd; - char *saveptr; - char *ptr; - int argcl; - char **argl = NULL; - int i; - - if (!(trunc_cmd = talloc_strdup(mem_ctx, command))) { - DEBUG(0, ("talloc failed\n")); - goto nomem; - } - - if(!(ptr = strtok_r(trunc_cmd, " \t", &saveptr))) { - TALLOC_FREE(trunc_cmd); - errno = EINVAL; - return NULL; - } - - /* - * Count the args. - */ - - for( argcl = 1; ptr; ptr = strtok_r(NULL, " \t", &saveptr)) - argcl++; - - TALLOC_FREE(trunc_cmd); - - if (!(argl = talloc_array(mem_ctx, char *, argcl + 1))) { - goto nomem; - } - - /* - * Now do the extraction. - */ - - if (!(trunc_cmd = talloc_strdup(mem_ctx, command))) { - goto nomem; - } - - ptr = strtok_r(trunc_cmd, " \t", &saveptr); - i = 0; - - if (!(argl[i++] = talloc_strdup(argl, ptr))) { - goto nomem; - } - - while((ptr = strtok_r(NULL, " \t", &saveptr)) != NULL) { - - if (!(argl[i++] = talloc_strdup(argl, ptr))) { - goto nomem; - } - } - - argl[i++] = NULL; - TALLOC_FREE(trunc_cmd); - return argl; - - nomem: - DEBUG(0, ("talloc failed\n")); - TALLOC_FREE(trunc_cmd); - TALLOC_FREE(argl); - errno = ENOMEM; - return NULL; -} - /************************************************************************** Wrapper for popen. Safer as it doesn't search a path. Modified from the glibc sources. @@ -204,30 +133,6 @@ err_exit: return -1; } -int sys_popen(const char *command) -{ - char **argl = NULL; - int ret; - - if (!*command) { - errno = EINVAL; - return -1; - } - - /* - * Extract the command and args into a NULL terminated array. - */ - - argl = extract_args(NULL, command); - if (argl == NULL) { - DBG_ERR("extract_args() failed: %s\n", strerror(errno)); - return -1; - } - ret = sys_popenv(argl); - TALLOC_FREE(argl); - return ret; -} - /************************************************************************** Wrapper for pclose. Modified from the glibc sources. ****************************************************************************/ diff --git a/lib/util/sys_popen.h b/lib/util/sys_popen.h index 80ea70efa75..be437483626 100644 --- a/lib/util/sys_popen.h +++ b/lib/util/sys_popen.h @@ -20,7 +20,6 @@ #ifndef __LIB_SYS_POPEN_H__ #define __LIB_SYS_POPEN_H__ -int sys_popen(const char *command); int sys_popenv(char * const argl[]); int sys_pclose(int fd); -- 2.47.3