···

       
172
       
172
       
 
       
int main(int argc, char **argv) {

     

       
173
       
173
       
 
       
    ASSERT(argc >= 1);

     

       
174
       
174
       
 
       


     

       
175
       
175
       
+
       
    // argv[0] goes into a lot of places, to a far greater degree than other elements

     

       
176
       
176
       
+
       
    // of argv. glibc has had buffer overflows relating to argv[0], eg CVE-2023-6246.

     

       
177
       
177
       
+
       
    // Since we expect the wrappers to be invoked from either $PATH or /run/wrappers/bin,

     

       
178
       
178
       
+
       
    // there should be no reason to pass any particularly large values here, so we can

     

       
179
       
179
       
+
       
    // be strict for strictness' sake.

     

       
180
       
180
       
+
       
    ASSERT(strlen(argv[0]) < 512);

     

       
181
       
181
       
+
       


     

       
175
       
182
       
 
       
    int debug = getenv(wrapper_debug) != NULL;

     

       
176
       
183
       
 
       


     

       
177
       
184
       
 
       
    // Drop insecure environment variables explicitly