cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/wrappers: require argc to be at least one

Browse source 
setuid applications were exploited in the past with an empty
argv, such as pkexec using CVE-2021-4034.
This commit is contained in:
Konrad Borowski 2022-01-27 08:14:53 +01:00
parent 1009d6e79e
commit 2a6a3d2c47
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/modules/security/wrappers/wrapper.c
View file

@ -170,6 +170,7 @@ int readlink_malloc(const char *p, char **ret) {
}
int main(int argc, char **argv) {
ASSERT(argc >= 1);
char *self_path = NULL;
int self_path_size = readlink_malloc("/proc/self/exe", &self_path);
if (self_path_size < 0) {