src - OpenBSD base system

diff options


context:
space:
mode:

author	Miod Vallat <miod@cvs.openbsd.org>	2005-12-30 19:46:56 +0000
committer	Miod Vallat <miod@cvs.openbsd.org>	2005-12-30 19:46:56 +0000
commit	59186e41369608855681212e555f620400f125ca (patch)
tree	68f8e875d2639dbfd9d7e9efa05d50a34482d829 /sys
parent	e4021e01bb99e4567a9194ab990184de4e823e19 (diff)

Missing or incorrect header sizes bounds check; ``looks ok'' mickey@

Diffstat (limited to 'sys')

-rw-r--r--

sys/compat/hpux/hppa/hpux_exec.c

-rw-r--r--

sys/compat/hpux/m68k/hpux_exec.c

-rw-r--r--

sys/compat/linux/linux_exec.c

-rw-r--r--

sys/compat/sunos/sunos_exec.c

4 files changed, 14 insertions, 5 deletions

diff --git a/sys/compat/hpux/hppa/hpux_exec.c b/sys/compat/hpux/hppa/hpux_exec.c
index 3a865e041e1..163ce3dbad8 100644
--- a/sys/compat/hpux/hppa/hpux_exec.c
+++ b/sys/compat/hpux/hppa/hpux_exec.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: hpux_exec.c,v 1.2 2005/03/12 18:38:52 mickey Exp $ */

+/* $OpenBSD: hpux_exec.c,v 1.3 2005/12/30 19:46:53 miod Exp $ */

@@ -109,7 +109,7 @@ exec_hpux_makecmds(p, epp)

/* XXX read in the aux header if it was not following the som header */

if (sysid != MID_HPUX && (!(som_ep->som_version == HPUX_SOM_V0 ||

som_ep->som_version == HPUX_SOM_V1) ||

- som_ep->som_auxhdr + sizeof(struct som_aux) < epp->ep_hdrvalid)) {

+ som_ep->som_auxhdr + sizeof(struct som_aux) > epp->ep_hdrvalid)) {

return (error);

}

diff --git a/sys/compat/hpux/m68k/hpux_exec.c b/sys/compat/hpux/m68k/hpux_exec.c
index 1bad2ef2894..ce5b1d26ec9 100644
--- a/sys/compat/hpux/m68k/hpux_exec.c
+++ b/sys/compat/hpux/m68k/hpux_exec.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: hpux_exec.c,v 1.1 2004/07/09 21:33:45 mickey Exp $ */

+/* $OpenBSD: hpux_exec.c,v 1.2 2005/12/30 19:46:55 miod Exp $ */

/* $NetBSD: hpux_exec.c,v 1.8 1997/03/16 10:14:44 thorpej Exp $ */

@@ -102,6 +102,9 @@ exec_hpux_makecmds(p, epp)

short sysid, magic;

int error = ENOEXEC;

+ if (epp->ep_hdrvalid < sizeof(struct hpux_exec))

+ return (ENOEXEC);

magic = HPUX_MAGIC(hpux_ep);

sysid = HPUX_SYSID(hpux_ep);

diff --git a/sys/compat/linux/linux_exec.c b/sys/compat/linux/linux_exec.c
index 7b40114a0ac..b96be60a26b 100644
--- a/sys/compat/linux/linux_exec.c
+++ b/sys/compat/linux/linux_exec.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: linux_exec.c,v 1.23 2004/04/15 00:22:42 tedu Exp $ */

+/* $OpenBSD: linux_exec.c,v 1.24 2005/12/30 19:46:55 miod Exp $ */

/* $NetBSD: linux_exec.c,v 1.13 1996/04/05 00:01:10 christos Exp $ */

/*-

@@ -266,6 +266,9 @@ exec_linux_aout_makecmds(p, epp)

int machtype, magic;

int error = ENOEXEC;

+ if (epp->ep_hdrvalid < sizeof(struct exec))

+ return (ENOEXEC);

magic = LINUX_N_MAGIC(linux_ep);

machtype = LINUX_N_MACHTYPE(linux_ep);

diff --git a/sys/compat/sunos/sunos_exec.c b/sys/compat/sunos/sunos_exec.c
index e6875583eb2..ac79176802c 100644
--- a/sys/compat/sunos/sunos_exec.c
+++ b/sys/compat/sunos/sunos_exec.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: sunos_exec.c,v 1.17 2003/06/02 15:54:31 deraadt Exp $ */

+/* $OpenBSD: sunos_exec.c,v 1.18 2005/12/30 19:46:55 miod Exp $ */

/* $NetBSD: sunos_exec.c,v 1.11 1996/05/05 12:01:47 briggs Exp $ */

@@ -103,6 +103,9 @@ sunos_exec_aout_makecmds(p, epp)

struct sunos_exec *sunmag = epp->ep_hdr;

int error = ENOEXEC;

+ if (epp->ep_hdrvalid < sizeof(struct sunos_exec))

+ return (ENOEXEC);

if(sunmag->a_machtype != SUNOS_M_NATIVE)

return (ENOEXEC);