xref: /freebsd/tests/sys/kern/execve_overflow.c (revision 41b03932e59068decf03b7975889841f71c73ec4) 
1 /*
2  * Copyright (c) 2026 Mark Johnston <markj@FreeBSD.org>
3  *
4  * SPDX-License-Identifier: BSD-2-Clause
5  */
6 
7 /*
8  * A minimal regression test for FreeBSD-SA-26:13.exec.
9  */
10 
11 #include <err.h>
12 #include <fcntl.h>
13 #include <limits.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <unistd.h>
17 
18 #define	SCRIPTNAME	"script"
19 #define	SCRIPTBODY	"#!/bin/sh\nexit 0\n"
20 
21 int
main(void)22 main(void)
23 {
24 	char *argv;
25 	size_t size;
26 	int fd;
27 
28 	fd = open(SCRIPTNAME, O_WRONLY | O_CREAT | O_TRUNC, 0700);
29 	if (fd == -1)
30 		err(1, "open");
31 	if (write(fd, SCRIPTBODY, sizeof(SCRIPTBODY) - 1) !=
32 	    sizeof(SCRIPTBODY) - 1)
33 		err(1, "write");
34 	close(fd);
35 
36 	size = ARG_MAX / 2;
37 	argv = malloc(size);
38 	if (argv == NULL)
39 		err(1, "malloc");
40 	memset(argv, 'a', size - 1);
41 	argv[size - 1] = '\0';
42 
43 	execve(SCRIPTNAME, (char *[]){ argv, NULL }, (char *[]){ NULL });
44 
45 	exit(1);
46 }
47