Re: [PATCH v3] exec: load_script: Do not exec truncated interpreter path

From: Kees Cook
Date: Fri Feb 15 2019 - 11:08:33 EST

On Fri, Feb 15, 2019 at 7:55 AM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Feb 14, 2019 at 10:15 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > The only way we know the interpreter wasn't truncated in the
> > no-newline case is if we see whitespace after first skipping any
> > leading whitespace, and it seemed really ugly to add a special scan
> > there.
> No, much easier (and likely better code too), to just use 'memchr()'.
> What's wrong with this simple and fairly self-describing patch?
> And I'll rather add a few lines due to helper functions with names to
> make it more legible, rather than code in that already fairly long
> existing function.

This fails to notice truncation when there is leading whitespace.

And I'm happy to add helper functions. We just have to pick which mess
we want to have. :)

Kees Cook
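The point Kees makes above (a whitespace scan that does not first skip leading whitespace after "#!" reports a truncated interpreter path as complete) is easy to see in a small user-space model. The following is an added example, not code from this thread or from the kernel's load_script(): it copies a constructed "#!" line into a fixed-size buffer the way the kernel's read into bprm->buf would truncate it, then compares a naive memchr/whitespace check against one that skips leading whitespace first. BUF_SIZE stands in for the kernel's BINPRM_BUF_SIZE, and the rule that a buffer holding fewer bytes than its capacity cannot have been cut off is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's BINPRM_BUF_SIZE; the value is an assumption of this model. */
#define BUF_SIZE 128

static bool is_ws(char c)
{
    return c == ' ' || c == '\t';
}

/* Copy a constructed "#!" line into a BUF_SIZE buffer, truncating as the
 * kernel's read into bprm->buf would. Returns the number of bytes stored. */
size_t fill_buf(char *buf, const char *line)
{
    size_t n = strlen(line);
    if (n > BUF_SIZE)
        n = BUF_SIZE;
    memcpy(buf, line, n);
    return n;
}

/* Naive check: no newline in the buffer, so accept the line as soon as any
 * whitespace appears after "#!". Leading whitespace satisfies this even when
 * the path itself ran off the end of the buffer. */
bool naive_path_complete(const char *buf, size_t len)
{
    if (memchr(buf, '\n', len))
        return true;
    for (size_t i = 2; i < len; i++)
        if (is_ws(buf[i]))
            return true;
    return false;
}

/* Check described in the thread: skip leading whitespace after "#!" first,
 * then require whitespace (or a newline) before the full buffer ends. */
bool path_complete(const char *buf, size_t len)
{
    if (len < 2 || buf[0] != '#' || buf[1] != '!')
        return false;
    /* Assumption of this model: a partially filled buffer means the file
     * ended here, so nothing could have been cut off. */
    if (len < BUF_SIZE)
        return true;
    if (memchr(buf, '\n', len))
        return true;
    size_t i = 2;
    while (i < len && is_ws(buf[i]))
        i++;
    for (; i < len; i++)
        if (is_ws(buf[i]))
            return true;
    return false; /* path runs to the end of a full buffer: truncated */
}

/* Constructed sample: "#!", two spaces, then a 251-byte path with no
 * whitespace and no newline, which overflows BUF_SIZE. */
const char *leading_ws_truncated_sample(void)
{
    static char line[256];
    memset(line, 'a', sizeof line - 1);
    line[sizeof line - 1] = '\0';
    line[0] = '#';
    line[1] = '!';
    line[2] = ' ';
    line[3] = ' ';
    return line;
}

bool naive_on(const char *line)
{
    char buf[BUF_SIZE];
    size_t n = fill_buf(buf, line);
    return naive_path_complete(buf, n);
}

bool careful_on(const char *line)
{
    char buf[BUF_SIZE];
    size_t n = fill_buf(buf, line);
    return path_complete(buf, n);
}

int main(void)
{
    const char *s = leading_ws_truncated_sample();
    printf("leading-whitespace overflow: naive=%d careful=%d\n",
           naive_on(s), careful_on(s));
    printf("#!/bin/sh -x (short file):  naive=%d careful=%d\n",
           naive_on("#!/bin/sh -x"), careful_on("#!/bin/sh -x"));
    return 0;
}
```

The naive scan and the careful one agree on ordinary lines; they diverge only on a full buffer whose only whitespace sits between "#!" and the path, which is exactly the case where accepting the line would exec a truncated interpreter name.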