MFC r292676:

Only allow one PT_INTERP ELF program header. This also fixes a potential memory leak for interp_buf.
author: jtl <jtl@FreeBSD.org> 2016-01-07 15:37:17 +0000
committer: jtl <jtl@FreeBSD.org> 2016-01-07 15:37:17 +0000
commit: 8c4e8fd3fd280f39cdbd53cf5317ec7cb2bb7914 (patch)
tree: c1a3d67e3dd2b45078385538eba8674c12b48ae9 /sys/kern
parent: c801c4e6745984c5ee9c095ef03152d01de5bd60 (diff)
download: FreeBSD-src-8c4e8fd3fd280f39cdbd53cf5317ec7cb2bb7914.zip
FreeBSD-src-8c4e8fd3fd280f39cdbd53cf5317ec7cb2bb7914.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index eaa3ee1..584b5da 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -783,6 +783,11 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 				error = ENOEXEC;
 				goto ret;
 			}
+			if (interp != NULL) {
+				uprintf("Multiple PT_INTERP headers\n");
+				error = ENOEXEC;
+				goto ret;
+			}
 			interp_name_len = phdr[i].p_filesz;
 			if (phdr[i].p_offset > PAGE_SIZE ||
 			    interp_name_len > PAGE_SIZE - phdr[i].p_offset) {
author	jtl <jtl@FreeBSD.org>	2016-01-07 15:37:17 +0000
committer	jtl <jtl@FreeBSD.org>	2016-01-07 15:37:17 +0000
commit	8c4e8fd3fd280f39cdbd53cf5317ec7cb2bb7914 (patch)
tree	c1a3d67e3dd2b45078385538eba8674c12b48ae9 /sys/kern
parent	c801c4e6745984c5ee9c095ef03152d01de5bd60 (diff)
download	FreeBSD-src-8c4e8fd3fd280f39cdbd53cf5317ec7cb2bb7914.zip FreeBSD-src-8c4e8fd3fd280f39cdbd53cf5317ec7cb2bb7914.tar.gz