From a069944f46211cf481f1414ec35e8e264169f6f2 Mon Sep 17 00:00:00 2001
From: marcel
Date: Sun, 23 Jul 2000 16:54:18 +0000
Subject: Add bounds checking to stackgap_alloc. Previously it was possible to construct a path that was long enough (ie longer than SPARE_USRSPACE bytes) and trash the stack. Note that SPARE_USRSPACE is much smaller than MAXPATHLEN so that the Linuxulator will now return ENAMETOOLONG even if the path is smaller than MAXPATHLEN. PR: 12749
---
 sys/compat/linux/linux_util.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'sys/compat/linux/linux_util.c')
diff --git a/sys/compat/linux/linux_util.c b/sys/compat/linux/linux_util.c
index 8faf35e..e0ea0cb 100644
--- a/sys/compat/linux/linux_util.c
+++ b/sys/compat/linux/linux_util.c
@@ -162,7 +162,10 @@ linux_emul_find(p, sgp, prefix, path, pbuf, cflag)
 else {
 sz = &ptr[len] - buf;
 *pbuf = stackgap_alloc(sgp, sz + 1);
- error = copyout(buf, *pbuf, sz);
+ if (*pbuf != NULL)
+ error = copyout(buf, *pbuf, sz);
+ else
+ error = ENAMETOOLONG;
 free(buf, M_TEMP);
 }

-- cgit v1.1
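Review bot: The new `else` branch turns a NULL return from `stackgap_alloc()` into `ENAMETOOLONG` with no comment, and per the commit message this now fires for paths well below MAXPATHLEN; a line such as `/* stackgap exhausted: path does not fit in SPARE_USRSPACE */` above `error = ENAMETOOLONG;` would stop a later reader from "correcting" the errno or dropping the check. The guard only works if `stackgap_alloc()` itself returns NULL when the gap is used up, and that change is outside this file-limited view, so it should be confirmed alongside this hunk. Any other caller that hands the result of `stackgap_alloc()` straight to `copyout()` presumably needs the same NULL check, otherwise the overflow is only closed on this one path. `linux_emul_find` begins and ends outside the hunk, so how `len` and `buf` are bounded before this point cannot be verified from here.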