0004684: linux32/linux64/setarch buffer overflows

Cristian Cadar cristic at stanford.edu
Fri Aug 22 04:26:04 UTC 2008


http://bugs.busybox.net/view.php?id=4684

Test cases:
<full-path>/linux32 -
<full-path>/linux64 -
./setarch "" ""

15: int setarch_main(int argc UNUSED_PARAM, char **argv)
    {
        int pers = -1;
        ...
     retry:
25:     if (argv[0][5] == '6') /* linux64 */
            pers = PER_LINUX;
27:     else if (argv[0][5] == '3') /* linux32 */
            pers = PER_LINUX32;
29:     else if (pers == -1 && argv[1] != NULL) {
            pers = PER_LINUX32;
31:         ++argv;
            goto retry;
        }

Consider <full-path>/linux32: one of the root problems is that argv[0]
can be the full path to the program, so testing argv[0][5] is not always
meaningful. 

When <full-path>/linux32 is called, the test on setarch.c:25 fails, as
does the one on line 27. The one on line 29 succeeds, so argv is
incremented, and execution jumps back to line 25. Now argv[0] is "-",
so testing argv[0][5] causes a buffer overflow. The cases for linux64
and setarch are similar.

BTW, I noticed there's no help associated with linux32 and linux64. 
It would be useful to add the help from setarch "Set 32bit uname
emulation" and "Set 64bit uname emulation" respectively.

Thanks,
Cristian
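A hardened rewrite of the persona-selection logic quoted above, added here as an illustration; it is not BusyBox's own code or its fix. It strips the directory part of argv[0] before looking at the applet name, compares whole names instead of indexing a fixed offset that may lie past the end of the string, and checks argc before touching argv[1] or the command that follows. The PERS_* values are constructed placeholders standing in for the PER_LINUX/PER_LINUX32 constants of <sys/personality.h>, and applet_name/choose_persona are names assumed for this example. Unlike the original retry loop, it refuses an unrecognised architecture word rather than defaulting to 32-bit.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder codes; a real implementation would use
 * PER_LINUX / PER_LINUX32 from <sys/personality.h>. */
enum persona { PERS_UNSET = -1, PERS_LINUX = 0, PERS_LINUX32 = 8 };

/* Return the applet name: the part of argv0 after the last '/', or the
 * whole string when there is no '/'. This is why a full path such as
 * /usr/local/bin/linux32 is handled the same as a bare "linux32". */
const char *applet_name(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* Map a command name to a persona; PERS_UNSET when it is not one we know. */
static int persona_from_word(const char *word)
{
    if (strcmp(word, "linux64") == 0)
        return PERS_LINUX;
    if (strcmp(word, "linux32") == 0)
        return PERS_LINUX32;
    return PERS_UNSET;
}

/* Decide the persona from argv. On success returns PERS_LINUX or
 * PERS_LINUX32 and, if cmd_index is non-NULL, stores the argv index of
 * the command to execute. Returns PERS_UNSET (and index -1) when the
 * applet name is unknown, the setarch architecture word is unknown, or
 * no command follows. Every argv access is preceded by a bounds check. */
int choose_persona(int argc, char **argv, int *cmd_index)
{
    int pers;
    int i = 1;                         /* index of the command to exec */

    if (cmd_index)
        *cmd_index = -1;
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return PERS_UNSET;

    pers = persona_from_word(applet_name(argv[0]));
    if (pers == PERS_UNSET) {
        /* Not linux32/linux64: only "setarch <arch> <cmd...>" remains. */
        if (strcmp(applet_name(argv[0]), "setarch") != 0)
            return PERS_UNSET;
        if (argc < 2 || argv[1] == NULL)
            return PERS_UNSET;
        pers = persona_from_word(argv[1]);  /* "" or "x86_64" -> UNSET */
        if (pers == PERS_UNSET)
            return PERS_UNSET;
        i = 2;
    }

    if (i >= argc || argv[i] == NULL)  /* persona known, but nothing to run */
        return PERS_UNSET;
    if (cmd_index)
        *cmd_index = i;
    return pers;
}

/* Run the three inputs from the report plus a well-formed setarch call.
 * None of them reads past the end of any argv string. */
int main(void)
{
    char *a1[] = { "/usr/local/bin/linux32", "-", NULL };
    char *a2[] = { "/usr/local/bin/linux64", "-", NULL };
    char *a3[] = { "./setarch", "", "", NULL };
    char *a4[] = { "./setarch", "linux64", "uname", "-m", NULL };
    char **all[] = { a1, a2, a3, a4 };
    int argcs[] = { 2, 2, 3, 4 };
    int k;

    for (k = 0; k < 4; k++) {
        int idx;
        int p = choose_persona(argcs[k], all[k], &idx);
        printf("%-24s persona=%d cmd_index=%d\n", all[k][0], p, idx);
    }
    return 0;
}
```

The first two cases from the report now yield PERS_LINUX32 and PERS_LINUX with the command at index 1; the `./setarch "" ""` case is rejected as an unknown architecture instead of indexing into an empty string.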