improve size checking of public api

sekiguchi-nagisa · May 25, 2024 · f5e52ca · f5e52ca
1 parent a7e304b
commit f5e52ca
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/include/arsh/arsh.h b/include/arsh/arsh.h
@@ -311,7 +311,7 @@ static inline int ARState_loadAndEval(ARState *st, const char *sourceName, ARErr
  * @return
  * exit status of executed command (0~255).
  * if command not found, return 1.
- * if st or argv is null, return -1
+ * if st or argv is null or too large, return -1
  */
 AR_PUBLIC_API(int) ARState_exec(ARState *st, char *const *argv);
 

diff --git a/src/arsh.cpp b/src/arsh.cpp
@@ -219,8 +219,9 @@ int ARState_setArguments(ARState *st, char *const *args) {
   auto value = Value::create<ArrayObject>(st->typePool.get(TYPE::StringArray));
   if (args) {
     auto &argsObj = typeAs<ArrayObject>(value);
-    for (unsigned int i = 0; args[i] != nullptr; i++) {
-      if (!argsObj.append(*st, Value::createStr(args[i]))) {
+    for (; *args != nullptr; args++) {
+      if (const StringRef arg = *args;
+          arg.size() > SYS_LIMIT_STRING_MAX || !argsObj.append(*st, Value::createStr(arg))) {
         return -1;
       }
     }
@@ -447,7 +448,11 @@ int ARState_exec(ARState *st, char *const *argv) {
 
   std::vector<Value> values;
   for (; *argv != nullptr; argv++) {
-    values.push_back(Value::createStr(*argv));
+    const StringRef arg = *argv;
+    if (arg.size() > SYS_LIMIT_STRING_MAX || values.size() == SYS_LIMIT_ARRAY_MAX) {
+      return -1;
+    }
+    values.push_back(Value::createStr(arg));
   }
   VM::execCommand(*st, std::move(values), false);
   return st->getMaskedExitStatus();