diff options
| author | emaste <emaste@FreeBSD.org> | 2017-05-15 14:41:47 +0000 |
|---|---|---|
| committer | emaste <emaste@FreeBSD.org> | 2017-05-15 14:41:47 +0000 |
| commit | 0cb6596133162e0cb090e434e03e02376fc66ec2 (patch) | |
| tree | 394d62e837d68b5a2aa358077770775904e17783 | |
| parent | 054f6b7d3a6ec9d195b41c4d19935754645d676a (diff) | |
| download | FreeBSD-src-0cb6596133162e0cb090e434e03e02376fc66ec2.zip FreeBSD-src-0cb6596133162e0cb090e434e03e02376fc66ec2.tar.gz | |
MFC r315685: tighten buffer bounds in imgact_binmisc_populate_interp
We must ensure there's space for the terminating null in the temporary
buffer in imgact_binmisc_populate_interp().
Note that there's no buffer overflow here because xbe->xbe_interpreter's
length and null termination is checked in imgact_binmisc_add_entry()
before imgact_binmisc_populate_interp() is called. However, the latter
should correctly enforce its own bounds.
Sponsored by: The FreeBSD Foundation
| -rw-r--r-- | sys/kern/imgact_binmisc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/kern/imgact_binmisc.c b/sys/kern/imgact_binmisc.c index 39af520..d884244 100644 --- a/sys/kern/imgact_binmisc.c +++ b/sys/kern/imgact_binmisc.c @@ -120,7 +120,7 @@ imgact_binmisc_populate_interp(char *str, imgact_binmisc_entry_t *ibe) sp = str; tp = t; while (*sp != '\0') { if (*sp == ' ' || *sp == '\t') { - if (++len > IBE_INTERP_LEN_MAX) + if (++len >= IBE_INTERP_LEN_MAX) break; *tp++ = ' '; argc++; |
