~ruther/guix-local

1303a4a4517260def862ce7fe97e6b28dd8005e1 — Ludovic Courtès 11 years ago 2320ea1 
daemon: Fix possible use-after-free.

This is essentially a backport of
<https://github.com/NixOS/nix/commit/f52b6c944e90b3e35925122779175705fdc02e12>
by Eelco Dolstra <eelco.dolstra@logicblox.com>.

The use-after-free bug would typically manifest when building with
GCC 5.1.
patch browse .tar.gz 
3 files changed, 26 insertions(+), 28 deletions(-)

M nix/libstore/build.cc
M nix/libutil/util.cc
M nix/libutil/util.hh

M nix/libstore/build.cc => nix/libstore/build.cc +7 -22
@@ 401,18 401,6 @@ static void commonChildInit(Pipe & logPipe)
}


/* Convert a string list to an array of char pointers.  Careful: the
   string list should outlive the array. */
const char * * strings2CharPtrs(const Strings & ss)
{
    const char * * arr = new const char * [ss.size() + 1];
    const char * * p = arr;
    foreach (Strings::const_iterator, i, ss) *p++ = i->c_str();
    *p = 0;
    return arr;
}


/* Restore default handling of SIGPIPE, otherwise some programs will
   randomly say "Broken pipe". */
static void restoreSIGPIPE()


@@ 2135,11 2123,7 @@ void DerivationGoal::initChild()
        Strings envStrs;
        foreach (Environment::const_iterator, i, env)
            envStrs.push_back(rewriteHashes(i->first + "=" + i->second, rewritesToTmp));
        const char * * envArr = strings2CharPtrs(envStrs);

        Path program = drv.builder.c_str();
        std::vector<const char *> args; /* careful with c_str()! */
        string user; /* must be here for its c_str()! */
	std::vector<const char *> envArr = stringsToCharPtrs(envStrs);

        /* If we are running in `build-users' mode, then switch to the
           user we allocated above.  Make sure that we drop all root


@@ 2165,17 2149,18 @@ void DerivationGoal::initChild()
        }

        /* Fill in the arguments. */
	Strings args;
        string builderBasename = baseNameOf(drv.builder);
        args.push_back(builderBasename.c_str());
        foreach (Strings::iterator, i, drv.args)
            args.push_back(rewriteHashes(*i, rewritesToTmp).c_str());
        args.push_back(0);
            args.push_back(rewriteHashes(*i, rewritesToTmp));
	std::vector<const char *> argArr = stringsToCharPtrs(args);

        restoreSIGPIPE();

        /* Execute the program.  This should not return. */
        inSetup = false;
        execve(program.c_str(), (char * *) &args[0], (char * *) envArr);
        execve(drv.builder.c_str(), (char * *) &argArr[0], (char * *) &envArr[0]);

        throw SysError(format("executing `%1%'") % drv.builder);



@@ 2778,7 2763,7 @@ void SubstitutionGoal::tryToRun()
    args.push_back("--substitute");
    args.push_back(storePath);
    args.push_back(destPath);
    const char * * argArr = strings2CharPtrs(args);
    std::vector<const char *> argArr = stringsToCharPtrs(args);

    /* Fork the substitute program. */
    pid = maybeVfork();


@@ 2796,7 2781,7 @@ void SubstitutionGoal::tryToRun()
            if (dup2(outPipe.writeSide, STDOUT_FILENO) == -1)
                throw SysError("cannot dup output pipe into stdout");

            execv(sub.c_str(), (char * *) argArr);
            execv(sub.c_str(), (char * *) &argArr[0]);

            throw SysError(format("executing `%1%'") % sub);



M nix/libutil/util.cc => nix/libutil/util.cc +14 -6
@@ 852,16 852,20 @@ void killUser(uid_t uid)
//////////////////////////////////////////////////////////////////////


std::vector<const char *> stringsToCharPtrs(const Strings & ss)
{
    std::vector<const char *> res;
    foreach (Strings::const_iterator, i, ss)
        res.push_back(i->c_str());
    res.push_back(0);
    return res;
}


string runProgram(Path program, bool searchPath, const Strings & args)
{
    checkInterrupt();

    std::vector<const char *> cargs; /* careful with c_str()! */
    cargs.push_back(program.c_str());
    for (Strings::const_iterator i = args.begin(); i != args.end(); ++i)
        cargs.push_back(i->c_str());
    cargs.push_back(0);

    /* Create a pipe. */
    Pipe pipe;
    pipe.create();


@@ 880,6 884,10 @@ string runProgram(Path program, bool searchPath, const Strings & args)
            if (dup2(pipe.writeSide, STDOUT_FILENO) == -1)
                throw SysError("dupping stdout");

	    Strings args_(args);
	    args_.push_front(program);
	    auto cargs = stringsToCharPtrs(args_);

            if (searchPath)
                execvp(program.c_str(), (char * *) &cargs[0]);
            else


M nix/libutil/util.hh => nix/libutil/util.hh +5 -0
@@ 257,6 257,11 @@ void killUser(uid_t uid);
string runProgram(Path program, bool searchPath = false,
    const Strings & args = Strings());

/* Convert a list of strings to a null-terminated vector of char
   *'s. The result must not be accessed beyond the lifetime of the
   list of strings. */
std::vector<const char *> stringsToCharPtrs(const Strings & ss);

/* Close all file descriptors except stdin, stdout, stderr, and those
   listed in the given set.  Good practice in child processes. */
void closeMostFDs(const set<int> & exceptions);