1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
fix building when ARG_MAX is not defined
patch by Tom-Steve Watzke
http://bugs.gentoo.org/225341
--- a/rexecd/rexecd.c
+++ b/rexecd/rexecd.c
@@ -85,6 +85,7 @@ char rcsid[] =
#include <paths.h>
#include <grp.h>
#include <arpa/inet.h>
+#include <limits.h>
#ifdef USE_SHADOW
@@ -233,7 +234,8 @@ static struct pam_conv PAM_conversation = {
static void
doit(struct sockaddr_in *fromp)
{
- char cmdbuf[ARG_MAX+1];
+ char *cmdbuf;
+ int cmdbuflen;
char user[16], pass[16];
struct passwd *pwd;
int s = -1;
@@ -252,6 +254,15 @@ doit(struct sockaddr_in *fromp)
#endif
#endif /* USE_PAM */
+ cmdbuflen = sysconf(_SC_ARG_MAX);
+ if (cmdbuflen < _POSIX_ARG_MAX)
+ cmdbuflen = _POSIX_ARG_MAX;
+ cmdbuf = malloc(cmdbuflen);
+ if (cmdbuf == NULL) {
+ syslog(LOG_ERR, "unable to malloc(%i) for command buffer: %s", cmdbuflen, strerror(errno));
+ fatal("out of memory\n");
+ }
+
signal(SIGINT, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
@@ -301,7 +312,7 @@ doit(struct sockaddr_in *fromp)
getstr(user, sizeof(user), "username too long\n");
getstr(pass, sizeof(pass), "password too long\n");
- getstr(cmdbuf, sizeof(cmdbuf), "command too long\n");
+ getstr(cmdbuf, cmdbuflen, "command too long\n");
#ifdef USE_PAM
#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
pam_end(pamh, pam_error); exit(1); \
--- a/rshd/rshd.c
+++ b/rshd/rshd.c
@@ -79,6 +79,7 @@ char rcsid[] =
#include <stdarg.h>
#include <ctype.h>
#include <assert.h>
+#include <limits.h>
#if !(defined(__GLIBC__) && (__GLIBC__ < 2))
#define _check_rhosts_file __check_rhosts_file
@@ -337,7 +338,8 @@ static const char *findhostname(struct sockaddr_in *fromp,
static void
doit(struct sockaddr_in *fromp)
{
- char cmdbuf[ARG_MAX+1];
+ char *cmdbuf;
+ int cmdbuflen;
const char *theshell, *shellname;
char locuser[16], remuser[16];
struct passwd *pwd;
@@ -346,6 +348,15 @@ doit(struct sockaddr_in *fromp)
u_short port;
int pv[2], pid, ifd;
+ cmdbuflen = sysconf(_SC_ARG_MAX);
+ if (cmdbuflen < _POSIX_ARG_MAX)
+ cmdbuflen = _POSIX_ARG_MAX;
+ cmdbuf = malloc(cmdbuflen);
+ if (cmdbuf == NULL) {
+ syslog(LOG_ERR, "unable to malloc(%i) for command buffer: %s", cmdbuflen, strerror(errno));
+ exit(1);
+ }
+
signal(SIGINT, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
@@ -382,7 +393,7 @@ doit(struct sockaddr_in *fromp)
getstr(remuser, sizeof(remuser), "remuser");
getstr(locuser, sizeof(locuser), "locuser");
- getstr(cmdbuf, sizeof(cmdbuf), "command");
+ getstr(cmdbuf, cmdbuflen, "command");
if (!strcmp(locuser, "root")) paranoid = 1;
hostname = findhostname(fromp, remuser, locuser, cmdbuf);
|