diff options
| author |   schwarze <schwarze@openbsd.org> | 2014-06-24 15:05:49 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2014-06-24 15:05:49 +0000 |
| commit | 4f2793c7687f3feb2ea8acb8fcfb73430f6dbe66 (patch) | |
| tree | 53d4de39c3b6ce617ef934d73a86e8f70b5a137e | |
| parent | Fixup the test after new queue code has been added. (diff) | |
| download | wireguard-openbsd-4f2793c7687f3feb2ea8acb8fcfb73430f6dbe66.tar.xz wireguard-openbsd-4f2793c7687f3feb2ea8acb8fcfb73430f6dbe66.zip | |
Do not try to pass potentially non-existent array elements into
functions since that is going to kill the Perl interpreter.
While here, do not attempt to parse $PATH or $ENV when undefined.
Crash found the hard way with a dubious /root/.login file by otto@ who
declares himself unable to read perl code even though he can apparently
debug it with ktrace(1) - thanks for the excellent bug report!
Feedback and ok florian@.
| -rw-r--r-- | libexec/security/security | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/libexec/security/security b/libexec/security/security index aed24bc0865..251c666d272 100644 --- a/libexec/security/security +++ b/libexec/security/security @@ -1,8 +1,8 @@ #!/usr/bin/perl -T -# $OpenBSD: security,v 1.27 2014/04/29 21:30:20 dcoppa Exp $ +# $OpenBSD: security,v 1.28 2014/06/24 15:05:49 schwarze Exp $ # -# Copyright (c) 2011, 2012 Ingo Schwarze <schwarze@openbsd.org> +# Copyright (c) 2011, 2012, 2014 Ingo Schwarze <schwarze@openbsd.org> # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com> # # Permission to use, copy, modify, and distribute this software for any @@ -197,8 +197,9 @@ sub check_umask { # Instead, consider modifying the shells to warn about '.' in the PATH. sub check_root_path { my ($path, $filename) = @_; - nag !($path =~ s/^PATH=[:\s]*//), - "Failed to find PATH in $filename."; + nag !(defined $path && $path =~ s/^PATH=[:\s]*//), + "Failed to find PATH in $filename." + and return; foreach my $dir (split /[:\s]+/, $path) { nag $dir eq '.', "The root path includes ." and next; next unless -d $dir; @@ -227,7 +228,7 @@ sub check_csh { my @output = <$fh>; close $fh; chomp @output; - check_root_path $output[-1], $filename; + check_root_path pop @output, $filename; } nag !$umaskset, "\nRoot csh startup files do not set the umask."; @@ -250,9 +251,10 @@ sub check_sh { my @output = <$fh>; close $fh; chomp @output; - check_root_path $output[-1], $filename; + check_root_path pop @output, $filename; - nag !($output[-2] =~ /^ENV=\s*(\S*)/), + my $env = pop @output; + nag !(defined $env && $env =~ /^ENV=\s*(\S*)/), "Failed to find ENV in $filename." and next; push @env_path, $1 if $1 ne ''; @@ -283,7 +285,7 @@ sub check_ksh { my @output = <$fh>; close $fh; chomp @output; - check_root_path $output[-1], $filename; + check_root_path pop @output, $filename; } } |