br0kenpixel/ReZygisk
1
0
Fork 0
mirror of https://github.com/PerformanC/ReZygisk.git synced 2025-09-06 06:37:01 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

fix: fd leak and out-of-bounds access in exec_command

Browse Source 
This commit fixes both fd leak and out-of-bounds access in the "exec_command" function, which can happen when execution of the command fails, leading to crashes on Magisk-rooted devices, and possibly APatch-rooted devices too.
This commit is contained in:
ThePedroo
2024-11-08 17:23:33 -03:00
parent 8892eca4a7
commit 47d46e305c
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
zygiskd/src/utils.c
View File

@@ -347,6 +347,9 @@ bool exec_command(char *restrict buf, size_t len, const char *restrict file, cha
if ((pid = fork()) == -1) { if ((pid = fork()) == -1) {
LOGE("fork: %s\n", strerror(errno)); LOGE("fork: %s\n", strerror(errno));
close(link[0]);
close(link[1]);
return false; return false;
} }
@@ -356,13 +359,20 @@ bool exec_command(char *restrict buf, size_t len, const char *restrict file, cha
close(link[1]); close(link[1]);
execv(file, argv); execv(file, argv);
LOGE("execv failed: %s\n", strerror(errno));
_exit(1);
} else { } else {
close(link[1]); close(link[1]);
int nbytes = read(link[0], buf, len); int nbytes = read(link[0], buf, len);
buf[nbytes - 1] = '\0'; if (nbytes > 0) buf[nbytes - 1] = '\0';
/* INFO: If something went wrong, at least we must ensure it is NULL-terminated */
else buf[0] = '\0';
wait(NULL); wait(NULL);
close(link[0]);
} }
return true; return true;