Author: alc
Date: Wed Jul 28 04:47:40 2010
New Revision: 210555
URL: http://svn.freebsd.org/changeset/base/210555
Log:
The interpreter name should no longer be treated as a buffer that can be
overwritten. (This change should have been included in r210545.)
Submitted by: kib
Modified:
head/sys/amd64/linux32/linux32_sysvec.c
head/sys/i386/linux/linux_sysvec.c
head/sys/kern/kern_exec.c
head/sys/sys/imgact.h
Modified: head/sys/amd64/linux32/linux32_sysvec.c
==============================================================================
--- head/sys/amd64/linux32/linux32_sysvec.c Tue Jul 27 23:03:50 2010
(r210554)
+++ head/sys/amd64/linux32/linux32_sysvec.c Wed Jul 28 04:47:40 2010
(r210555)
@@ -804,7 +804,7 @@ exec_linux_imgact_try(struct image_param
{
const char *head = (const char *)imgp->image_header;
char *rpath;
- int error = -1, len;
+ int error = -1;
/*
* The interpreter for shell scripts run from a linux binary needs
@@ -821,18 +821,12 @@ exec_linux_imgact_try(struct image_param
linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc),
imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0,
AT_FDCWD);
- if (rpath != NULL) {
- len = strlen(rpath) + 1;
-
- if (len <= MAXSHELLCMDLEN) {
- memcpy(imgp->interpreter_name, rpath,
- len);
- }
- free(rpath, M_TEMP);
- }
+ if (rpath != NULL)
+ imgp->args->fname_buf =
+ imgp->interpreter_name = rpath;
}
}
- return(error);
+ return (error);
}
/*
Modified: head/sys/i386/linux/linux_sysvec.c
==============================================================================
--- head/sys/i386/linux/linux_sysvec.c Tue Jul 27 23:03:50 2010
(r210554)
+++ head/sys/i386/linux/linux_sysvec.c Wed Jul 28 04:47:40 2010
(r210555)
@@ -904,7 +904,7 @@ exec_linux_imgact_try(struct image_param
{
const char *head = (const char *)imgp->image_header;
char *rpath;
- int error = -1, len;
+ int error = -1;
/*
* The interpreter for shell scripts run from a linux binary needs
@@ -920,17 +920,12 @@ exec_linux_imgact_try(struct image_param
if ((error = exec_shell_imgact(imgp)) == 0) {
linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc),
imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0,
AT_FDCWD);
- if (rpath != NULL) {
- len = strlen(rpath) + 1;
-
- if (len <= MAXSHELLCMDLEN) {
- memcpy(imgp->interpreter_name, rpath, len);
- }
- free(rpath, M_TEMP);
- }
+ if (rpath != NULL)
+ imgp->args->fname_buf =
+ imgp->interpreter_name = rpath;
}
}
- return(error);
+ return (error);
}
/*
Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c Tue Jul 27 23:03:50 2010 (r210554)
+++ head/sys/kern/kern_exec.c Wed Jul 28 04:47:40 2010 (r210555)
@@ -1175,6 +1175,10 @@ exec_free_args(struct image_args *args)
PATH_MAX + ARG_MAX);
args->buf = NULL;
}
+ if (args->fname_buf != NULL) {
+ free(args->fname_buf, M_TEMP);
+ args->fname_buf = NULL;
+ }
}
/*
Modified: head/sys/sys/imgact.h
==============================================================================
--- head/sys/sys/imgact.h Tue Jul 27 23:03:50 2010 (r210554)
+++ head/sys/sys/imgact.h Wed Jul 28 04:47:40 2010 (r210555)
@@ -42,6 +42,7 @@ struct image_args {
char *begin_envv; /* beginning of envv in buf */
char *endp; /* current `end' pointer of arg & env strings */
char *fname; /* pointer to filename of executable (system
space) */
+ char *fname_buf; /* pointer to optional malloc(M_TEMP) buffer */
int stringspace; /* space left in arg & env buffer */
int argc; /* count of argument strings */
int envc; /* count of environment strings */
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
