diff options
author | alc <alc@FreeBSD.org> | 2010-07-28 04:47:40 +0000 |
---|---|---|
committer | alc <alc@FreeBSD.org> | 2010-07-28 04:47:40 +0000 |
commit | 55426fcc5559b40bb8d6c573b2d8d8ad2800814c (patch) | |
tree | 6c617e98de63b12d565bcd32c251edc6c5695673 /sys | |
parent | 7b4520f3c1f04effb671e914e42a998bb1902b65 (diff) | |
download | FreeBSD-src-55426fcc5559b40bb8d6c573b2d8d8ad2800814c.zip FreeBSD-src-55426fcc5559b40bb8d6c573b2d8d8ad2800814c.tar.gz |
The interpreter name should no longer be treated as a buffer that can be
overwritten. (This change should have been included in r210545.)
Submitted by: kib
Diffstat (limited to 'sys')
-rw-r--r-- | sys/amd64/linux32/linux32_sysvec.c | 16 | ||||
-rw-r--r-- | sys/i386/linux/linux_sysvec.c | 15 | ||||
-rw-r--r-- | sys/kern/kern_exec.c | 4 | ||||
-rw-r--r-- | sys/sys/imgact.h | 1 |
4 files changed, 15 insertions, 21 deletions
diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c index 010e1d6..b9b182e 100644 --- a/sys/amd64/linux32/linux32_sysvec.c +++ b/sys/amd64/linux32/linux32_sysvec.c @@ -804,7 +804,7 @@ exec_linux_imgact_try(struct image_params *imgp) { const char *head = (const char *)imgp->image_header; char *rpath; - int error = -1, len; + int error = -1; /* * The interpreter for shell scripts run from a linux binary needs @@ -821,18 +821,12 @@ exec_linux_imgact_try(struct image_params *imgp) linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc), imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0, AT_FDCWD); - if (rpath != NULL) { - len = strlen(rpath) + 1; - - if (len <= MAXSHELLCMDLEN) { - memcpy(imgp->interpreter_name, rpath, - len); - } - free(rpath, M_TEMP); - } + if (rpath != NULL) + imgp->args->fname_buf = + imgp->interpreter_name = rpath; } } - return(error); + return (error); } /* diff --git a/sys/i386/linux/linux_sysvec.c b/sys/i386/linux/linux_sysvec.c index 364cc0c..5658211 100644 --- a/sys/i386/linux/linux_sysvec.c +++ b/sys/i386/linux/linux_sysvec.c @@ -904,7 +904,7 @@ exec_linux_imgact_try(struct image_params *imgp) { const char *head = (const char *)imgp->image_header; char *rpath; - int error = -1, len; + int error = -1; /* * The interpreter for shell scripts run from a linux binary needs @@ -920,17 +920,12 @@ exec_linux_imgact_try(struct image_params *imgp) if ((error = exec_shell_imgact(imgp)) == 0) { linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc), imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0, AT_FDCWD); - if (rpath != NULL) { - len = strlen(rpath) + 1; - - if (len <= MAXSHELLCMDLEN) { - memcpy(imgp->interpreter_name, rpath, len); - } - free(rpath, M_TEMP); - } + if (rpath != NULL) + imgp->args->fname_buf = + imgp->interpreter_name = rpath; } } - return(error); + return (error); } /* diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 2242328..c60e329 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1175,6 +1175,10 @@ exec_free_args(struct image_args *args) PATH_MAX + ARG_MAX); args->buf = NULL; } + if (args->fname_buf != NULL) { + free(args->fname_buf, M_TEMP); + args->fname_buf = NULL; + } } /* diff --git a/sys/sys/imgact.h b/sys/sys/imgact.h index c4075fa..8c183ad 100644 --- a/sys/sys/imgact.h +++ b/sys/sys/imgact.h @@ -42,6 +42,7 @@ struct image_args { char *begin_envv; /* beginning of envv in buf */ char *endp; /* current `end' pointer of arg & env strings */ char *fname; /* pointer to filename of executable (system space) */ + char *fname_buf; /* pointer to optional malloc(M_TEMP) buffer */ int stringspace; /* space left in arg & env buffer */ int argc; /* count of argument strings */ int envc; /* count of environment strings */ |