Harden the security by not evaluating the PATH variable in addr2line implementation

2026-01-31 08:42:09 +00:00 · 2017-04-19 22:28:45 +03:00
parent 96deb9688a
commit fb29d75b3a
2 changed files with 20 additions and 5 deletions
--- a/build/has_addr2line.cpp
+++ b/build/has_addr2line.cpp
@@ -11,6 +11,12 @@
 #include <sys/wait.h>

 int main() {
-    std::string s = "addr2line -h";
+
+#ifdef BOOST_STACKTRACE_ADDR2LINE_LOCATION
+    std::string s = BOOST_STACKTRACE_ADDR2LINE_LOCATION " -h";
+#else
+    std::string s = "/usr/bin/addr2line -h";
+#endif
+
    return std::system(s.c_str());
 }
--- a/include/boost/stacktrace/detail/addr2line_impls.hpp
+++ b/include/boost/stacktrace/detail/addr2line_impls.hpp
@@ -34,7 +34,13 @@ public:
        , pid(0)
    {
        int pdes[2];
-        char prog_name[] = "addr2line";
+        #ifdef BOOST_STACKTRACE_ADDR2LINE_LOCATION
+        // TODO: static_assert that BOOST_STACKTRACE_ADDR2LINE_LOCATION is an absolute path!
+        char prog_name[] = BOOST_STACKTRACE_ADDR2LINE_LOCATION ;
+        #else
+        char prog_name[] = "/usr/bin/addr2line";
+        #endif
+
        char* argp[] = {
            prog_name,
            const_cast<char*>(flag),
@@ -50,19 +56,22 @@ public:
        pid = ::fork();
        switch (pid) {
        case -1:
-            // failed
+            // Failed...
            ::close(pdes[0]);
            ::close(pdes[1]);
            return;

        case 0:
-            // we are the child
+            // We are the child.
            ::close(STDERR_FILENO);
            ::close(pdes[0]);
            if (pdes[1] != STDOUT_FILENO) {
                ::dup2(pdes[1], STDOUT_FILENO);
            }
-            ::execvp(prog_name, argp);
+
+            // Do not use `execlp()`, `execvp()`, and `execvpe()` here!
+            // `exec*p*` functions are vulnerable to PATH variable evaluation attacks.
+            ::execv(prog_name, argp);
            ::_exit(127);
        }