Module Name: src Committed By: christos Date: Sat Dec 21 14:41:02 UTC 2013
Modified Files: src/sys/kern: exec_elf.c Log Message: Consistency checks for the length of the interpreter (the length includes the trailing NUL): make sure it is not empty and has the proper length. From Maxime Villard To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 src/sys/kern/exec_elf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/exec_elf.c diff -u src/sys/kern/exec_elf.c:1.51 src/sys/kern/exec_elf.c:1.52 --- src/sys/kern/exec_elf.c:1.51 Thu Nov 14 07:07:11 2013 +++ src/sys/kern/exec_elf.c Sat Dec 21 09:41:02 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: exec_elf.c,v 1.51 2013/11/14 12:07:11 martin Exp $ */ +/* $NetBSD: exec_elf.c,v 1.52 2013/12/21 14:41:02 christos Exp $ */ /*- * Copyright (c) 1994, 2000, 2005 The NetBSD Foundation, Inc. @@ -57,7 +57,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.51 2013/11/14 12:07:11 martin Exp $"); +__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.52 2013/12/21 14:41:02 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_pax.h" @@ -704,12 +704,16 @@ exec_elf_makecmds(struct lwp *l, struct for (i = 0; i < eh->e_phnum; i++) { pp = &ph[i]; if (pp->p_type == PT_INTERP) { - if (pp->p_filesz >= MAXPATHLEN) { + if (pp->p_filesz < 2 || pp->p_filesz > MAXPATHLEN) { error = ENOEXEC; goto bad; } interp = PNBUF_GET(); - interp[0] = '\0'; + /* Ensure interp is NUL-terminated and of the expected length */ + if (strnlen(interp, pp->p_filesz) != pp->p_filesz - 1) { + error = ENOEXEC; + goto bad; + } if ((error = exec_read_from(l, epp->ep_vp, pp->p_offset, interp, pp->p_filesz)) != 0) goto bad;
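Review bot: The added `strnlen(interp, pp->p_filesz) != pp->p_filesz - 1` check in the `exec_elf_makecmds` hunk sits directly after `interp = PNBUF_GET()` and before `exec_read_from()` fills the buffer, so it tests whatever the freshly obtained path buffer happens to hold, not the PT_INTERP bytes from the file. With the old `interp[0] = '\0'` removed as well, the result depends on stale buffer contents: a valid binary can be refused with ENOEXEC, while an interpreter string with no terminating NUL or with an embedded NUL is not reliably rejected, which is the case the log message sets out to catch. The check should move below the read, after the `if ((error = exec_read_from(...)) != 0) goto bad;` statement, so it validates the data actually loaded. The `bad:` label and the release of `interp` are outside the hunk, so confirm there that both new `goto bad` paths return the buffer.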