PR#6945 and GPR#227: protect Sys and Unix functions against string arguments containing the null character '\000'

Continuation of commit dc043a7: - Update the win32unix/ files with the new checks. - Completely untested, not even compiled.
author: Xavier Leroy <xavier.leroy@inria.fr> 2015-11-11 17:23:40 +0100
committer: Xavier Leroy <xavier.leroy@inria.fr> 2015-11-11 17:23:40 +0100
commit: 9dfa69e54698842ece80ee0ac11aa6ede1f2a1b4 (patch)
tree: da0a1ef1766b46a6ef14966fd6ad9f1f9aec427a
parent: dc043a7b6262df0d33fb585b123052739347e373 (diff)
download: ocaml-9dfa69e54698842ece80ee0ac11aa6ede1f2a1b4.tar.gz
10 files changed, 22 insertions, 9 deletions
diff --git a/otherlibs/win32unix/createprocess.c b/otherlibs/win32unix/createprocess.c
index 791acbb50d..f7e3b6bbba 100644
--- a/otherlibs/win32unix/createprocess.c
+++ b/otherlibs/win32unix/createprocess.c
@@ -26,6 +26,7 @@ value win_create_process_native(value cmd, value cmdline, value env,
   char * exefile, * envp;
   int flags;
 
+  caml_unix_check_path(cmd, "create_process");
   exefile = search_exe_in_path(String_val(cmd));
   if (env != Val_int(0)) {
     envp = String_val(Field(env, 0));
diff --git a/otherlibs/win32unix/link.c b/otherlibs/win32unix/link.c
index 93d21508a2..f097835fb9 100644
--- a/otherlibs/win32unix/link.c
+++ b/otherlibs/win32unix/link.c
@@ -32,6 +32,8 @@ CAMLprim value unix_link(value path1, value path2)
     (tCreateHardLink) GetProcAddress(hModKernel32, "CreateHardLinkA");
   if (pCreateHardLink == NULL)
     invalid_argument("Unix.link not implemented");
+  caml_unix_check_path(path1, "link");
+  caml_unix_check_path(path2, "link");
   if (! pCreateHardLink(String_val(path2), String_val(path1), NULL)) {
     win32_maperr(GetLastError());
     uerror("link", path2);
diff --git a/otherlibs/win32unix/mkdir.c b/otherlibs/win32unix/mkdir.c
index 21bca10ce4..f61a56e826 100644
--- a/otherlibs/win32unix/mkdir.c
+++ b/otherlibs/win32unix/mkdir.c
@@ -17,6 +17,7 @@
 CAMLprim value unix_mkdir(path, perm)
      value path, perm;
 {
+  caml_unix_check_path(path, "mkdir");
   if (_mkdir(String_val(path)) == -1) uerror("mkdir", path);
   return Val_unit;
 }
diff --git a/otherlibs/win32unix/open.c b/otherlibs/win32unix/open.c
index f9e9df21ad..1ccc485007 100644
--- a/otherlibs/win32unix/open.c
+++ b/otherlibs/win32unix/open.c
@@ -39,6 +39,7 @@ CAMLprim value unix_open(value path, value flags, value perm)
   SECURITY_ATTRIBUTES attr;
   HANDLE h;
 
+  caml_unix_check_path(path, "open");
   fileaccess = convert_flag_list(flags, open_access_flags);
   sharemode = FILE_SHARE_READ | FILE_SHARE_WRITE
               | convert_flag_list(flags, open_share_flags);
diff --git a/otherlibs/win32unix/rename.c b/otherlibs/win32unix/rename.c
index ad46ead246..002197e7a7 100644
--- a/otherlibs/win32unix/rename.c
+++ b/otherlibs/win32unix/rename.c
@@ -20,6 +20,8 @@ CAMLprim value unix_rename(value path1, value path2)
   static int supports_MoveFileEx = -1; /* don't know yet */
   BOOL ok;
 
+  caml_unix_check_path(path1, "rename");
+  caml_unix_check_path(path2, "rename");
   if (supports_MoveFileEx < 0) {
     OSVERSIONINFO VersionInfo;
     VersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
diff --git a/otherlibs/win32unix/stat.c b/otherlibs/win32unix/stat.c
index 46fc9841b1..02edd3dd3e 100644
--- a/otherlibs/win32unix/stat.c
+++ b/otherlibs/win32unix/stat.c
@@ -66,6 +66,7 @@ CAMLprim value unix_stat(value path)
   int ret;
   struct _stati64 buf;
 
+  caml_unix_check_path(path, "stat");
   ret = _stati64(String_val(path), &buf);
   if (ret == -1) uerror("stat", path);
   if (buf.st_size > Max_long) {
@@ -79,6 +80,8 @@ CAMLprim value unix_stat_64(value path)
 {
   int ret;
   struct _stati64 buf;
+
+  caml_unix_check_path(path, "stat");
   ret = _stati64(String_val(path), &buf);
   if (ret == -1) uerror("stat", path);
   return stat_aux(1, &buf);
diff --git a/otherlibs/win32unix/system.c b/otherlibs/win32unix/system.c
index 202dcd0813..5a16f9e14e 100644
--- a/otherlibs/win32unix/system.c
+++ b/otherlibs/win32unix/system.c
@@ -27,6 +27,7 @@ CAMLprim value win_system(cmd)
   char *buf;
   intnat len;
 
+  caml_unix_check_path(cmd, "system");
   len = caml_string_length (cmd);
   buf = caml_stat_alloc (len + 1);
   memmove (buf, String_val (cmd), len + 1);
diff --git a/otherlibs/win32unix/unixsupport.c b/otherlibs/win32unix/unixsupport.c
index 85f220c329..ac9c394831 100644
--- a/otherlibs/win32unix/unixsupport.c
+++ b/otherlibs/win32unix/unixsupport.c
@@ -303,9 +303,12 @@ void unix_error(int errcode, char *cmdname, value cmdarg)
   mlraise(res);
 }
 
-void uerror(cmdname, cmdarg)
-     char * cmdname;
-     value cmdarg;
+void uerror(char * cmdname, value cmdarg)
 {
   unix_error(errno, cmdname, cmdarg);
 }
+
+void caml_unix_check_path(value path, char * cmdname)
+{
+  if (! caml_string_is_c_safe(path)) unix_error(ENOENT, cmdname, path);
+}
diff --git a/otherlibs/win32unix/unixsupport.h b/otherlibs/win32unix/unixsupport.h
index 5d9b030875..9ce0fc997b 100644
--- a/otherlibs/win32unix/unixsupport.h
+++ b/otherlibs/win32unix/unixsupport.h
@@ -59,6 +59,7 @@ extern void win32_maperr(DWORD errcode);
 extern value unix_error_of_code (int errcode);
 extern void unix_error (int errcode, char * cmdname, value arg);
 extern void uerror (char * cmdname, value arg);
+extern void caml_unix_check_path(value path, char * cmdname);
 extern value unix_freeze_buffer (value);
 extern char ** cstringvect(value arg);
 
diff --git a/otherlibs/win32unix/windir.c b/otherlibs/win32unix/windir.c
index ef952aa902..35228c5d9f 100644
--- a/otherlibs/win32unix/windir.c
+++ b/otherlibs/win32unix/windir.c
@@ -18,8 +18,7 @@
 #include <caml/fail.h>
 #include "unixsupport.h"
 
-CAMLprim value win_findfirst(name)
-     value name;
+CAMLprim value win_findfirst(value name)
 {
   HANDLE h;
   value v;
@@ -27,6 +26,7 @@ CAMLprim value win_findfirst(name)
   value valname = Val_unit;
   value valh = Val_unit;
 
+  caml_unix_check_path(name, "opendir");
   Begin_roots2 (valname,valh);
     h = FindFirstFile(String_val(name),&fileinfo);
     if (h == INVALID_HANDLE_VALUE) {
@@ -47,8 +47,7 @@ CAMLprim value win_findfirst(name)
   return v;
 }
 
-CAMLprim value win_findnext(valh)
-     value valh;
+CAMLprim value win_findnext(value valh)
 {
   WIN32_FIND_DATA fileinfo;
   BOOL retcode;
@@ -66,8 +65,7 @@ CAMLprim value win_findnext(valh)
   return copy_string(fileinfo.cFileName);
 }
 
-CAMLprim value win_findclose(valh)
-     value valh;
+CAMLprim value win_findclose(value valh)
 {
   if (! FindClose(Handle_val(valh))) {
     win32_maperr(GetLastError());
author	Xavier Leroy <xavier.leroy@inria.fr>	2015-11-11 17:23:40 +0100
committer	Xavier Leroy <xavier.leroy@inria.fr>	2015-11-11 17:23:40 +0100
commit	9dfa69e54698842ece80ee0ac11aa6ede1f2a1b4 (patch)
tree	da0a1ef1766b46a6ef14966fd6ad9f1f9aec427a
parent	dc043a7b6262df0d33fb585b123052739347e373 (diff)
download	ocaml-9dfa69e54698842ece80ee0ac11aa6ede1f2a1b4.tar.gz