up, please
Le 28/08/2013 21:43, Maxime Villard a écrit : > On 08/28/13 20:57, Matthew Dempsky wrote: >> On Wed, Aug 28, 2013 at 5:54 AM, Maxime Villard <[email protected]> wrote: >>> + /* Ensure interp is a valid, NUL-terminated string >>> */ >>> + for (n = 0; n < pp->p_filesz; n++) { >>> + if (interp[n] == '\0') >>> + break; >>> + } >>> + if (n != pp->p_filesz - 1) { >>> + error = ENOEXEC; >>> goto bad; >>> } >> >> A more concise test would be: >> >> if (strnlen(interp, pp->p_filesz) != pp->p_filesz - 1) { >> error = ENOEXEC; >> goto bad; >> } >> > > Hum you're right, it's better that way > > > Index: exec_elf.c > =================================================================== > RCS file: /cvs/src/sys/kern/exec_elf.c,v > retrieving revision 1.93 > diff -u -p -r1.93 exec_elf.c > --- exec_elf.c 4 Jul 2013 17:37:05 -0000 1.93 > +++ exec_elf.c 28 Aug 2013 21:14:22 -0000 > @@ -552,11 +552,16 @@ ELFNAME2(exec,makecmds)(struct proc *p, > > for (i = 0, pp = ph; i < eh->e_phnum; i++, pp++) { > if (pp->p_type == PT_INTERP && !interp) { > - if (pp->p_filesz >= MAXPATHLEN) > + if (pp->p_filesz < 2 || pp->p_filesz >= MAXPATHLEN) > goto bad; > interp = pool_get(&namei_pool, PR_WAITOK); > if ((error = ELFNAME(read_from)(p, epp->ep_vp, > pp->p_offset, interp, pp->p_filesz)) != 0) { > + goto bad; > + } > + /* Ensure interp is NUL-terminated and of the expected > length */ > + if (strnlen(interp, pp->p_filesz) != pp->p_filesz - 1) { > + error = ENOEXEC; > goto bad; > } > } else if (pp->p_type == PT_LOAD) { > > > It no longer looks like my patch... > >
