lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZSZ7yXwYAg-xPC7P@debian>
Date:   Wed, 11 Oct 2023 12:41:13 +0200
From:   Alejandro Colomar <alx@...nel.org>
To:     Rik van Riel <riel@...riel.com>
Cc:     linux-man@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        kernel-team@...a.com, Eric Biederman <ebiederm@...ssion.com>
Subject: Re: [PATCH] execve.2: execve also returns E2BIG if a string is too
 long

Hi Rik,

On Tue, Oct 10, 2023 at 11:41:53PM -0400, Rik van Riel wrote:
> Document that if a command line or environment string is too long (> MAX_ARG_STRLEN), execve will also return E2BIG.

That's already implied by the current text:

       E2BIG  The total number of bytes in the environment (envp) and argument
              list (argv) is too large.

That means that

size_t  bytes;

bytes = 0;
for (char *e = envp; e != NULL; e++)
	bytes += strlen(e) + 1;  // I have doubts about the +1
for (char *a = argv; a != NULL; a++)
	bytes += strlen(a) + 1;  // Same doubts

if (bytes > MAX_ARG_STRLEN)  // Maybe >= ?
	return -E2BIG;

> 
> Signed-off-by: Rik van Riel <riel@...riel.com>
> ---
>  man2/execve.2 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/man2/execve.2 b/man2/execve.2
> index 0d9582492ad1..c1a359d01872 100644
> --- a/man2/execve.2
> +++ b/man2/execve.2
> @@ -449,7 +449,7 @@ The total number of bytes in the environment
>  .RI ( envp )
>  and argument list
>  .RI ( argv )
> -is too large.
> +is too large, or an argument or environment string is too long.

Please use semantic newlines:

$ MANWIDTH=72 man man-pages | sed -n '/Use semantic newlines/,/^$/p'
   Use semantic newlines
       In the source of a manual page, new sentences should be started
       on  new  lines,  long  sentences  should be split into lines at
       clause breaks (commas, semicolons, colons, and so on), and long
       clauses should be split at phrase boundaries.  This convention,
       sometimes known as "semantic newlines", makes it easier to  see
       the  effect of patches, which often operate at the level of in‐
       dividual sentences, clauses, or phrases.


Thanks,
Alex

>  .TP
>  .B EACCES
>  Search permission is denied on a component of the path prefix of
> -- 
> 2.41.0
> 
> 

-- 
<https://www.alejandro-colomar.es/>

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ