Hi,
when loading a Linux binary, the kernel could leak MAXPATHLEN bytes of memory.
Index: linux_exec.c
===================================================================
RCS file: /cvs/src/sys/compat/linux/linux_exec.c,v
retrieving revision 1.38
diff -u -r1.38 linux_exec.c
--- linux_exec.c 3 Nov 2013 13:52:44 -0000 1.38
+++ linux_exec.c 1 Dec 2013 17:33:55 -0000
@@ -227,9 +227,10 @@
if (itp) {
if ((error = emul_find(p, NULL, linux_emul_path, itp, &bp, 0)))
return (error);
- if ((error = copystr(bp, itp, MAXPATHLEN, &len)))
- return (error);
+ error = copystr(bp, itp, MAXPATHLEN, &len);
free(bp, M_TEMP);
+ if (error)
+ return (error);
}
epp->ep_emul = &emul_linux_elf;
*pos = ELF32_NO_ADDR;
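Review bot: Nothing at the `free(bp, M_TEMP)` call records that `bp` is owned by this caller, so a later edit could easily reintroduce an early return between the allocation and the free. A one-line comment above the copystr() call would pin the contract, e.g. `/* emul_find() allocated bp; free it before acting on error. */`. The copy is bounded by MAXPATHLEN, so it also relies on `itp` pointing to a buffer of at least that size; that allocation is not visible in the hunk and should be confirmed. The enclosing function starts and ends outside the hunk.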
emul_find() allocates bp, and if the copystr() fails, bp is lost.
However, there's apparently no reason to fail here, since bp isn't
larger than MAXPATHLEN and is NUL-terminated.
While here, also fix a typo in a comment:
Index: linux_exec.c
===================================================================
RCS file: /cvs/src/sys/compat/linux/linux_exec.c,v
retrieving revision 1.38
diff -u -r1.38 linux_exec.c
--- linux_exec.c 3 Nov 2013 13:52:44 -0000 1.38
+++ linux_exec.c 2 Dec 2013 17:40:11 -0000
@@ -218,7 +218,7 @@
* If this is a static binary, do not allow it to run, as it
* has not been identified. We'll give non-static binaries a
* chance to run, as the Linux ld.so name is usually unique
- * enough to clear any amibiguity.
+ * enough to clear any ambiguity.
*/
if (itp == NULL)
return (EINVAL);
Ok/Comments?