summaryrefslogtreecommitdiffstats
path: root/cpukit/libmisc/shell
diff options
context:
space:
mode:
authorSebastian Huber <sebastian.huber@embedded-brains.de>2022-03-15 07:24:55 +0100
committerSebastian Huber <sebastian.huber@embedded-brains.de>2022-03-16 07:35:27 +0100
commitb837c8386954b2aff5ee563ffec4383cb4052a43 (patch)
tree0395dc4c771a0d8bca2c19fe15ac9502c5cdcedc /cpukit/libmisc/shell
parentbsps/irq: Improve affinity set handling (diff)
downloadrtems-b837c8386954b2aff5ee563ffec4383cb4052a43.tar.bz2
shell: Avoid potential stack corruption
The rtems_shell_init() passed the address of a stack variable (exit_code) to rtems_shell_run(). If wait == false, then the stack variable goes out of scope but may be accessed by the created shell thread. The rtems_shell_script() was affected by the same problem. Close #4629.
Diffstat (limited to 'cpukit/libmisc/shell')
-rw-r--r--cpukit/libmisc/shell/shell.c8
1 files changed, 1 insertions, 7 deletions
diff --git a/cpukit/libmisc/shell/shell.c b/cpukit/libmisc/shell/shell.c
index 1e5962b1e3..3268bfe4f5 100644
--- a/cpukit/libmisc/shell/shell.c
+++ b/cpukit/libmisc/shell/shell.c
@@ -1149,7 +1149,6 @@ static rtems_status_code rtems_shell_run (
const char *output,
bool output_append,
rtems_id wake_on_end,
- int *exit_code,
bool echo,
rtems_shell_login_check_t login_check
)
@@ -1202,7 +1201,6 @@ static rtems_status_code rtems_shell_run (
shell_env->parent_stdout = stdout;
shell_env->parent_stderr = stderr;
shell_env->wake_on_end = wake_on_end;
- shell_env->exit_code = exit_code;
shell_env->login_check = login_check;
shell_env->uid = getuid();
shell_env->gid = getgid();
@@ -1229,7 +1227,7 @@ static rtems_status_code rtems_shell_run (
sc = rtems_event_receive (RTEMS_EVENT_1, RTEMS_WAIT, 0, &out);
}
- shell_std_debug("run: end: sc:%d ec:%d\n", sc, *exit_code);
+ shell_std_debug("run: end: sc:%d\n", sc);
return sc;
}
@@ -1245,7 +1243,6 @@ rtems_status_code rtems_shell_init(
)
{
rtems_id to_wake = RTEMS_ID_NONE;
- int exit_code = 0;
if ( wait )
to_wake = rtems_task_self();
@@ -1261,7 +1258,6 @@ rtems_status_code rtems_shell_init(
"stdout", /* output */
false, /* output_append */
to_wake, /* wake_on_end */
- &exit_code, /* exit code of command */
false, /* echo */
login_check /* login check */
);
@@ -1279,7 +1275,6 @@ rtems_status_code rtems_shell_script (
)
{
rtems_id to_wake = RTEMS_ID_NONE;
- int exit_code = 0;
rtems_status_code sc;
shell_std_debug("script: in: %s out: %s\n", input, output);
@@ -1298,7 +1293,6 @@ rtems_status_code rtems_shell_script (
output, /* output */
output_append, /* output_append */
to_wake, /* wake_on_end */
- &exit_code, /* exit_code */
echo, /* echo */
NULL /* login check */
);