CVS commit: [netbsd-8] src/sys/kern

Sun, 04 Aug 2019 04:26:01 -0700 

Module Name:    src
Committed By:   martin
Date:           Sun Aug  4 11:25:44 UTC 2019

Modified Files:
        src/sys/kern [netbsd-8]: kern_exec.c

Log Message:
Pull up the following revisions, requested by maxv in ticket #1324:

        sys/kern/kern_exec.c    1.469-1.478 (via patch)

Fix off-by-one and info leak.


To generate a diff of this commit:
cvs rdiff -u -r1.442.4.4 -r1.442.4.5 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.442.4.4 src/sys/kern/kern_exec.c:1.442.4.5
--- src/sys/kern/kern_exec.c:1.442.4.4	Wed Nov 21 11:58:32 2018
+++ src/sys/kern/kern_exec.c	Sun Aug  4 11:25:43 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_exec.c,v 1.442.4.4 2018/11/21 11:58:32 martin Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.442.4.5 2019/08/04 11:25:43 martin Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.4 2018/11/21 11:58:32 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.5 2019/08/04 11:25:43 martin Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -541,6 +541,12 @@ sys_execve(struct lwp *l, const struct s
 	    SCARG(uap, envp), execve_fetch_element);
 }
 
+/*
+ * Copy the user or kernel supplied upath to the allocated pathbuffer pbp
+ * making it absolute in the process, by prepending the current working
+ * directory if it is not. If offs is supplied it will contain the offset
+ * where the original supplied copy of upath starts.
+ */
 int
 sys_fexecve(struct lwp *l, const struct sys_fexecve_args *uap,
     register_t *retval)
@@ -610,11 +616,8 @@ makepathbuf(struct lwp *l, const char *u
 
 	path = PNBUF_GET();
 	error = copyinstr(upath, path, MAXPATHLEN, &len);
-	if (error) {
-		PNBUF_PUT(path);
-		DPRINTF(("%s: copyin path @%p %d\n", __func__, upath, error));
-		return error;
-	}
+	if (error)
+		goto err;
 
 	if (path[0] == '/') {
 		*offs = 0;
@@ -622,8 +625,10 @@ makepathbuf(struct lwp *l, const char *u
 	}
 
 	len++;
-	if (len + 1 >= MAXPATHLEN)
-		goto out;
+	if (len + 1 >= MAXPATHLEN) {
+		error = ENAMETOOLONG;
+		goto err;
+	}
 	bp = path + MAXPATHLEN - len;
 	memmove(bp, path, len);
 	*(--bp) = '/';
@@ -634,19 +639,19 @@ makepathbuf(struct lwp *l, const char *u
 	    GETCWD_CHECK_ACCESS, l);
 	rw_exit(&cwdi->cwdi_lock);
 
-	if (error) {
-		DPRINTF(("%s: getcwd_common path %s %d\n", __func__, path,
-		    error));
-		goto out;
-	}
+	if (error)
+		goto err;
 	tlen = path + MAXPATHLEN - bp;
 
 	memmove(path, bp, tlen);
-	path[tlen] = '\0';
+	path[tlen - 1] = '\0';
 	*offs = tlen - len;
 out:
 	*pbp = pathbuf_assimilate(path);
 	return 0;
+err:
+	PNBUF_PUT(path);
+	return error;
 }
 
 vaddr_t
@@ -672,7 +677,7 @@ execve_loadvm(struct lwp *l, const char 
 	struct proc		*p;
 	char			*dp;
 	u_int			modgen;
-	size_t			offs = 0;	// XXX: GCC
+	size_t			offs;
 
 	KASSERT(data != NULL);
 
@@ -2088,6 +2093,7 @@ spawn_return(void *arg)
 	/* handle posix_spawnattr */
 	if (spawn_data->sed_attrs != NULL) {
 		struct sigaction sigact;
+		memset(&sigact, 0, sizeof(sigact));
 		sigact._sa_u._sa_handler = SIG_DFL;
 		sigact.sa_flags = 0;

Reply via email to