Hi, here is a patch for some tweaks in kern/exec_elf.c.
* Typo in a comment
* elf_check_header() already rejects eh.e_phnum > MAXPHNUM, so the callers do not need to test it again
* Check is_dyn first. It's just a small optimization: elf_check_header(eh, ET_EXEC) is always called before checking is_dyn, so if we swap the two tests we avoid calling elf_check_header() a second time when is_dyn is true.
Index: exec_elf.c
===================================================================
RCS file: /cvsroot/src/sys/kern/exec_elf.c,v
retrieving revision 1.45
diff -u -p -r1.45 exec_elf.c
--- exec_elf.c 9 Apr 2013 07:39:01 -0000 1.45
+++ exec_elf.c 25 Aug 2013 13:24:33 -0000
@@ -280,7 +280,7 @@ elf_copyargs(struct lwp *l, struct exec_
 /*
 * elf_check_header():
 *
- * Check header for validity; return 0 of ok ENOEXEC if error
+ * Check header for validity; return 0 if ok, ENOEXEC if error
 */
 int
 elf_check_header(Elf_Ehdr *eh, int type)
@@ -493,7 +493,7 @@ elf_load_file(struct lwp *l, struct exec
 if ((error = elf_check_header(&eh, ET_DYN)) != 0)
 goto bad;

- if (eh.e_phnum > MAXPHNUM || eh.e_phnum == 0) {
+ if (eh.e_phnum == 0) {
 error = ENOEXEC;
 goto bad;
 }
@@ -676,10 +676,10 @@ exec_elf_makecmds(struct lwp *l, struct
 * XXX allow for executing shared objects. It seems silly
 * but other ELF-based systems allow it as well.
 */
- if (elf_check_header(eh, ET_EXEC) != 0 && !is_dyn)
+ if (!is_dyn && elf_check_header(eh, ET_EXEC) != 0)
 return ENOEXEC;

- if (eh->e_phnum > MAXPHNUM || eh->e_phnum == 0)
+ if (eh->e_phnum == 0)
 return ENOEXEC;

 error = vn_marktext(epp->ep_vp);
Ok/Comments?
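Review bot: In the elf_load_file hunk the upper bound on `eh.e_phnum` is now enforced only inside elf_check_header(), whose body is not part of this patch; the same holds for `eh->e_phnum` in the exec_elf_makecmds hunk. e_phnum is read from the file being executed, so this bound is presumably what limits the later program-header handling, and a future edit to elf_check_header() could drop it without any visible change at these call sites. I would record the dependency at both places, either with `KASSERT(eh.e_phnum <= MAXPHNUM);` (and `eh->e_phnum` in exec_elf_makecmds) or at least with a comment such as `/* e_phnum <= MAXPHNUM is enforced by elf_check_header() */`. Both functions start and end outside their hunks.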
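Review bot: With `!is_dyn` tested first in exec_elf_makecmds, elf_check_header(eh, ET_EXEC) is skipped whenever is_dyn is set, so on that path all header validation rests on how is_dyn was computed, and that assignment is above the hunk. This includes the MAXPHNUM bound that the same hunk removes. The description implies is_dyn is the result of an earlier elf_check_header() call on the same header; if that is the case the reorder is safe, but it should be confirmed against the full function. I would state it in the existing XXX comment, for example `* is_dyn is set only if elf_check_header(eh, ET_DYN) succeeded, so eh is already validated here.`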