Module Name: src
Committed By: christos
Date: Sat Mar 17 00:30:50 UTC 2018
Modified Files:
src/sys/kern: exec_elf.c
Log Message:
CID/1427732: Don't dereference NULL execname if there is no emul_arg.
(there always is one in our emulations) from alnsn@
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 src/sys/kern/exec_elf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/exec_elf.c
diff -u src/sys/kern/exec_elf.c:1.93 src/sys/kern/exec_elf.c:1.94
--- src/sys/kern/exec_elf.c:1.93 Tue Nov 7 14:44:04 2017
+++ src/sys/kern/exec_elf.c Fri Mar 16 20:30:50 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: exec_elf.c,v 1.93 2017/11/07 19:44:04 christos Exp $ */
+/* $NetBSD: exec_elf.c,v 1.94 2018/03/17 00:30:50 christos Exp $ */
/*-
* Copyright (c) 1994, 2000, 2005, 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.93 2017/11/07 19:44:04 christos Exp $");
+__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.94 2018/03/17 00:30:50 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_pax.h"
@@ -161,7 +161,6 @@ elf_copyargs(struct lwp *l, struct exec_
return error;
a = ai;
- execname = NULL;
memset(ai, 0, sizeof(ai));
@@ -231,6 +230,8 @@ elf_copyargs(struct lwp *l, struct exec_
a++;
exec_free_emul_arg(pack);
+ } else {
+ execname = NULL;
}
a->a_type = AT_NULL;
@@ -241,12 +242,16 @@ elf_copyargs(struct lwp *l, struct exec_
KASSERT(vlen <= sizeof(ai));
- char *path = l->l_proc->p_path;
- execname->a_v = (uintptr_t)(*stackp + vlen);
- len = strlen(path) + 1;
- if ((error = copyout(path, (*stackp + vlen), len)) != 0)
- return error;
- len = ALIGN(len);
+ if (execname) {
+ char *path = l->l_proc->p_path;
+ execname->a_v = (uintptr_t)(*stackp + vlen);
+ len = strlen(path) + 1;
+ if ((error = copyout(path, (*stackp + vlen), len)) != 0)
+ return error;
+ len = ALIGN(len);
+ } else {
+ len = 0;
+ }
if ((error = copyout(ai, *stackp, vlen)) != 0)
return error;
