|
Lines 53-68
Link Here
|
| 53 |
// Note that we deliberately don't free the malloc'd memory. See |
53 |
// Note that we deliberately don't free the malloc'd memory. See |
| 54 |
// comment at call site. |
54 |
// comment at call site. |
| 55 |
|
55 |
|
| 56 |
static HChar* read_dot_valgrindrc ( HChar* dir ) |
56 |
static HChar* read_dot_valgrindrc ( HChar* dir, Bool checkmode ) |
| 57 |
{ |
57 |
{ |
| 58 |
Int n; |
58 |
Int n; |
| 59 |
SysRes fd; |
59 |
SysRes sr, fd; |
| 60 |
Long size; |
60 |
Long size; |
| 61 |
HChar* f_clo = NULL; |
61 |
HChar* f_clo = NULL; |
| 62 |
HChar filename[VKI_PATH_MAX]; |
62 |
HChar filename[VKI_PATH_MAX]; |
|
|
63 |
struct vg_stat st; |
| 63 |
|
64 |
|
| 64 |
VG_(snprintf)(filename, VKI_PATH_MAX, "%s/.valgrindrc", |
65 |
VG_(snprintf)(filename, VKI_PATH_MAX, "%s/.valgrindrc", |
| 65 |
( NULL == dir ? "" : dir ) ); |
66 |
( NULL == dir ? "" : dir ) ); |
|
|
67 |
|
| 68 |
|
| 69 |
if (checkmode) { |
| 70 |
sr = VG_(stat)(filename, &st); |
| 71 |
|
| 72 |
// Do not read the file if it couldn't be stat'd, if it is not owned by the |
| 73 |
// current user or if it is world writable (CVE-2008-4865) |
| 74 |
if (sr.isError || (VG_(geteuid)() != st.st_uid) || (st.st_mode & VKI_S_IWOTH)) |
| 75 |
{ |
| 76 |
return NULL; |
| 77 |
} |
| 78 |
} |
| 79 |
|
| 80 |
|
| 66 |
fd = VG_(open)(filename, 0, VKI_S_IRUSR); |
81 |
fd = VG_(open)(filename, 0, VKI_S_IRUSR); |
| 67 |
if ( !fd.isError ) { |
82 |
if ( !fd.isError ) { |
| 68 |
size = VG_(fsize)(fd.res); |
83 |
size = VG_(fsize)(fd.res); |
|
Lines 205-211
Link Here
|
| 205 |
// VG_(malloc)(). We do not free f1_clo and f2_clo as they get |
220 |
// VG_(malloc)(). We do not free f1_clo and f2_clo as they get |
| 206 |
// put into VG_(args_for_valgrind) and so must persist. |
221 |
// put into VG_(args_for_valgrind) and so must persist. |
| 207 |
HChar* home = VG_(getenv)("HOME"); |
222 |
HChar* home = VG_(getenv)("HOME"); |
| 208 |
HChar* f1_clo = home ? read_dot_valgrindrc( home ) : NULL; |
223 |
HChar* f1_clo = home ? read_dot_valgrindrc( home, False ) : NULL; |
| 209 |
HChar* env_clo = VG_(strdup)( "commandline.sua.4", |
224 |
HChar* env_clo = VG_(strdup)( "commandline.sua.4", |
| 210 |
VG_(getenv)(VALGRIND_OPTS) ); |
225 |
VG_(getenv)(VALGRIND_OPTS) ); |
| 211 |
HChar* f2_clo = NULL; |
226 |
HChar* f2_clo = NULL; |
|
Lines 216-222
Link Here
|
| 216 |
HChar cwd[VKI_PATH_MAX+1]; |
231 |
HChar cwd[VKI_PATH_MAX+1]; |
| 217 |
Bool cwd_ok = VG_(get_startup_wd)(cwd, VKI_PATH_MAX); |
232 |
Bool cwd_ok = VG_(get_startup_wd)(cwd, VKI_PATH_MAX); |
| 218 |
f2_clo = ( (cwd_ok && VG_STREQ(home, cwd)) |
233 |
f2_clo = ( (cwd_ok && VG_STREQ(home, cwd)) |
| 219 |
? NULL : read_dot_valgrindrc(".") ); |
234 |
? NULL : read_dot_valgrindrc(".", True) ); |
| 220 |
} |
235 |
} |
| 221 |
|
236 |
|
| 222 |
if (f1_clo) add_args_from_string( f1_clo ); |
237 |
if (f1_clo) add_args_from_string( f1_clo ); |
