From a069944f46211cf481f1414ec35e8e264169f6f2 Mon Sep 17 00:00:00 2001 From: marcel Date: Sun, 23 Jul 2000 16:54:18 +0000 Subject: Add bounds checking to stackgap_alloc. Previously it was possible to construct a path that was long enough (ie longer than SPARE_USRSPACE bytes) and trash the stack. Note that SPARE_USRSPACE is much smaller than MAXPATHLEN so that the Linuxulator will now return ENAMETOOLONG even if the path is smaller than MAXPATHLEN. PR: 12749 --- sys/compat/linux/linux_misc.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sys/compat/linux/linux_misc.c') diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index 1adea54..dcbff98 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -954,6 +954,8 @@ linux_utime(struct proc *p, struct linux_utime_args *args) tv[1].tv_usec = 0; /* so that utimes can copyin */ tvp = (struct timeval *)stackgap_alloc(&sg, sizeof(tv)); + if (tvp == NULL) + return (ENAMETOOLONG); if ((error = copyout(tv, tvp, sizeof(tv)))) return error; bsdutimes.tptr = tvp; -- cgit v1.1