On Wed, 28 Aug 2013 22:34:26 -0400, Kenneth R Westerback wrote:

> > @@ -552,11 +552,16 @@ ELFNAME2(exec,makecmds)(struct proc *p, 
> >  
> >     for (i = 0, pp = ph; i < eh->e_phnum; i++, pp++) {
> >             if (pp->p_type == PT_INTERP && !interp) {
> > -                   if (pp->p_filesz >= MAXPATHLEN)
> > +                   if (pp->p_filesz < 2 || pp->p_filesz >= MAXPATHLEN)
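Review bot: The new `pp->p_filesz < 2` bound in the PT_INTERP branch carries no comment saying why 2 is the minimum; a one-line comment (presumably one path byte plus the terminating NUL) would make the intent clear. Both bounds only constrain the size field taken from the program header, so neither establishes that the last byte of the segment's contents is NUL; if the code that follows treats the data as a C string, an explicit check of the byte at `p_filesz - 1` once it has been read would close that gap.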
> 
> Still think you're depriving yourself of one character out by using
> ">=" instead of ">".

I'm not sure about this.  We want to limit the path length to
MAXPATHLEN-1 since we include the NUL terminator in MAXPATHLEN.
The buffer we get from namei_pool is MAXPATHLEN long and the
read_from() function just calls vn_rdwr().  If we allow interp to
be MAXPATHLEN, is there any guarantee that it will end in a NUL
byte?

 - todd
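The bound and terminator question from this thread, as an added userland example (not code from the original messages or from OpenBSD). `EX_MAXPATHLEN`, `ex_read_segment`, `ex_load_interp` and `ex_try` are hypothetical names, the value 1024 is an assumption, and the buffers are constructed samples. It models a read that copies exactly `filesz` bytes and appends nothing, and shows that under either bound (`>=` or `>`) only a check of the last byte establishes termination.

```c
#include <stddef.h>
#include <string.h>

#define EX_MAXPATHLEN 1024	/* assumed value, stands in for MAXPATHLEN */

/* Hypothetical stand-in for the read: copies exactly filesz bytes of
 * file content and never appends a terminator. */
static void ex_read_segment(char *buf, const char *file, size_t filesz)
{
	memcpy(buf, file, filesz);
}

/*
 * Returns 0 if the segment is usable as a path, -1 otherwise.
 * buf is EX_MAXPATHLEN bytes, like the pool buffer in the thread.
 * limit is the largest accepted filesz: EX_MAXPATHLEN - 1 models the
 * ">=" test, EX_MAXPATHLEN models the ">" test.
 */
int ex_load_interp(char *buf, const char *file, size_t filesz, size_t limit)
{
	if (limit > EX_MAXPATHLEN)
		return -1;		/* would overrun buf */
	if (filesz < 2 || filesz > limit)
		return -1;		/* need one path byte plus NUL */
	ex_read_segment(buf, file, filesz);
	/* The range check bounds the copy. Only this check says the
	 * file-supplied bytes actually end in a NUL. */
	if (buf[filesz - 1] != '\0')
		return -1;
	return 0;
}

/* Constructed sample: a segment of n bytes, terminated or not. */
int ex_try(size_t n, int terminated, size_t limit)
{
	static char file[EX_MAXPATHLEN + 1], buf[EX_MAXPATHLEN];

	memset(file, 'a', sizeof(file));
	memset(buf, 'x', sizeof(buf));	/* stale contents, no stray NUL */
	if (terminated && n > 0)
		file[n - 1] = '\0';
	return ex_load_interp(buf, file, n, limit);
}

int main(void)
{
	/* Exit status 0 when a full-length segment is accepted only if terminated. */
	return !(ex_try(EX_MAXPATHLEN, 1, EX_MAXPATHLEN) == 0 &&
	    ex_try(EX_MAXPATHLEN, 0, EX_MAXPATHLEN) == -1);
}
```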
