From 1f78ddd5719d50d3af7140066316932ef00044cf Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Sun, 28 Aug 2016 21:12:05 +0200
Subject: Fix exec crash when setexecdata has never been called

or called with a small array.

This notably happens when using a sub-exec, see BZ #48919.

* exec/hashexec.c (check_hashbang): Check std_nports before accessing
std_ports.
---
 exec/hashexec.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'exec')

diff --git a/exec/hashexec.c b/exec/hashexec.c
index e53d2eea..6337f0a4 100644
--- a/exec/hashexec.c
+++ b/exec/hashexec.c
@@ -97,22 +97,24 @@ check_hashbang (struct execdata *e,
       mach_port_t port = ((which < nports &&
 			   portarray[which] != MACH_PORT_NULL)
 			  ? portarray[which] :
-			  (flags & EXEC_DEFAULTS) ? std_ports[which]
-			  : MACH_PORT_NULL);
+			  (flags & EXEC_DEFAULTS && which < std_nports)
+				? std_ports[which]
+				: MACH_PORT_NULL);
 
       /* Reauthenticate dir ports if they are the defaults.  */
       switch (which)
 	{
 	case INIT_PORT_CRDIR:
 	  /* If secure, always use the default root.  */
-	  if ((flags & EXEC_SECURE) ||
-	      port == std_ports[which])
+	  if ((which < std_nports && flags & EXEC_SECURE) ||
+	      (which < std_nports && port == std_ports[which]))
 	    return (reauthenticate (std_ports[which], &user_crdir) ?:
 		    (*operate) (user_crdir));
 	  break;
 	case INIT_PORT_CWDIR:
 	  /* If secure, reauthenticate cwd whether default or given.  */
-	  if ((flags & EXEC_SECURE) || port == std_ports[which])
+	  if ((flags & EXEC_SECURE) ||
+	      (which < std_nports && port == std_ports[which]))
 	    return (reauthenticate (port, &user_cwdir) ?:
 		    (*operate) (user_cwdir));
 	  break;
-- 
cgit v1.2.3