Displaying 4 results from an estimated 4 matches for "nbdkitshxxxxxx".
2019 Sep 05
0
Re: [PATCH nbdkit] Ban use of stack Variable Length Arrays (VLAs).
...pdir);
> - system (cmd);
> + if (asprintf (&cmd, "rm -rf %s", tmpdir) >= 0)
> + system (cmd);
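Review bot: on the added `if (asprintf (&cmd, "rm -rf %s", tmpdir) >= 0)` line, an allocation failure now skips the cleanup silently, and the return value of `system (cmd)` is still ignored, so a leftover temporary directory is never reported. Consider reporting both failure cases. Since `tmpdir` is interpolated into a shell command line, a comment next to the format string stating that the value must stay free of shell metacharacters would keep that assumption visible to later editors.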
Safe only because our tmpdir pattern contains no shell metacharacters
(your patch does not change that fact). If we ever decided to honor
$TMPDIR (that is, creating $TMPDIR/nbdkitshXXXXXX instead of
/tmp/nbdkitshXXXXXX), then we'd need shell quoting here. But doesn't
change this patch.
> +++ b/server/sockets.c
> @@ -366,10 +366,16 @@ accept_connection (int listen_sock)
> static void
> check_sockets_and_quit_fd (int *socks, size_t nr_socks)
> {
> - str...
2020 Apr 15
0
[PATCH nbdkit 8/9] eval, sh: Set $tmpdir before running the command, instead of globally.
...**) argv);
perror (argv[0]);
_exit (EXIT_FAILURE);
diff --git a/plugins/sh/sh.c b/plugins/sh/sh.c
index c8a321f1..deb01201 100644
--- a/plugins/sh/sh.c
+++ b/plugins/sh/sh.c
@@ -50,7 +50,7 @@
#include "call.h"
#include "methods.h"
-static char tmpdir[] = "/tmp/nbdkitshXXXXXX";
+char tmpdir[] = "/tmp/nbdkitshXXXXXX";
static char *script;
static char *magic_config_key;
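Review bot: dropping `static` from `tmpdir` in plugins/sh/sh.c gives a very generic name external linkage, and nothing visible in this hunk adds a matching `extern` declaration or a comment saying which other file reads it. Declare it in a header shared by the files that use it so the array type is checked in every translation unit, and consider a more specific name. The buffer is a template that is only meaningful once the `mkdtemp` call in `sh_load` has succeeded, so a comment stating that it must not be read before load would help callers outside this file.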
@@ -71,11 +71,6 @@ sh_load (void)
nbdkit_error ("mkdtemp: /tmp: %m");
exit (EXIT_FAILURE);
}
- /* Set $tmpdir for the script. */
- if (setenv ("tmpdir"...
2019 Sep 05
2
[PATCH nbdkit] Ban use of stack Variable Length Arrays (VLAs).
I'm not someone who thinks VLAs are automatically bad and unlike Linux
kernel code they can sometimes be used safely in userspace. However
for an internet exposed server there is an argument that they might
cause some kind of exploitable situation especially if the code is
compiled without other stack hardening features. Also in highly
multithreaded code with limited stack sizes (as nbdkit
2020 Apr 15
18
[PATCH nbdkit 0/9] Generic vector, and pass $nbdkit_stdio_safe to shell scripts.
This was a rather longer trip around the houses than I anticipated!
The basic purpose of the patch series is to set $nbdkit_stdio_safe to
"0" or "1" in sh and eval plugin scripts.
To do that, I ended up adding a nicer way to manipulate environ lists,
and to do that, I ended up adding a whole generic vector
implementation which is applicable in a lot of different places.