Package: foremost
Version: 1.5.7-9.1
Running "foremost -T -c something" results in undefined behavior.
First, it calls `fopen()` with NULL as pathname. Second, it uses
argv[i] with i > argc. In my case, it tries to read files with
pathnames as environment variables. See strace:
$ strace --trace=openat foremost -T -c something
...
openat(AT_FDCWD, "foremost", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "-T", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address)
openat(AT_FDCWD, "SHELL=/bin/bash", O_RDONLY) = -1 ENOENT (No such
file or directory)
<several lines similar to above>
...
This is because the program doesn't check if "-c something" are the
last arguments when skipping them at <main.c:274>
The following patch fixes it:
--- a/main.c
+++ b/main.c
@@ -272,6 +272,9 @@
{
/*jump past the conf file so we don't process it.*/
argv+=2;
+ if (*argv == NULL) {
+ break;
+ }
}
testFile = fopen(*argv, "rb");
if (testFile)
--- a/main.c
+++ b/main.c
@@ -272,6 +272,9 @@
{
/*jump past the conf file so we don't process it.*/
argv+=2;
+ if (*argv == NULL) {
+ break;
+ }
}
testFile = fopen(*argv, "rb");
if (testFile)
