diff options
| author | Jonathan Gray <jsg@cvs.openbsd.org> | 2015-04-30 11:15:29 +0000 |
|---|---|---|
| committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2015-04-30 11:15:29 +0000 |
| commit | 3eb0bcd0c007ba8b8fa38664b0171e34aa16c502 (patch) | |
| tree | f5a2e30e335441e2eab944b231f2476f1fe97f43 /sys/kern | |
| parent | 652989fabdb36970b287268b01ef97bc61ce5350 (diff) | |
Now we use p_filesz - 1 to test for NUL check that p_filesz is
at least two and while here allow the upper bound to be
MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread
on tech where Maxime Villard proposed additional PT_INTERP checks.
tested by and ok guenther@
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/exec_elf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c index 76fd2d23eb8..bc827f45011 100644 --- a/sys/kern/exec_elf.c +++ b/sys/kern/exec_elf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_elf.c,v 1.115 2015/04/30 03:11:21 guenther Exp $ */ +/* $OpenBSD: exec_elf.c,v 1.116 2015/04/30 11:15:28 jsg Exp $ */ /* * Copyright (c) 1996 Per Fogelstrom @@ -552,7 +552,7 @@ ELFNAME2(exec,makecmds)(struct proc *p, struct exec_package *epp) for (i = 0, pp = ph; i < eh->e_phnum; i++, pp++) { if (pp->p_type == PT_INTERP && !interp) { - if (pp->p_filesz >= MAXPATHLEN) + if (pp->p_filesz < 2 || pp->p_filesz > MAXPATHLEN) goto bad; interp = pool_get(&namei_pool, PR_WAITOK); if ((error = ELFNAME(read_from)(p, epp->ep_vp, |