Date: Thu, 24 Dec 2015 00:58:11 +0000 (UTC) From: "Jonathan T. Looney" <jtl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r292676 - head/sys/kern Message-ID: <201512240058.tBO0wBve043452@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jtl Date: Thu Dec 24 00:58:11 2015 New Revision: 292676 URL: https://svnweb.freebsd.org/changeset/base/292676 Log: Only allow one PT_INTERP ELF program header. This also fixes a potential memory leak for interp_buf. Differential Revision: https://reviews.freebsd.org/D4692 Reviewed by: kib MFC after: 2 weeks Sponsored by: Juniper Networks Modified: head/sys/kern/imgact_elf.c Modified: head/sys/kern/imgact_elf.c ============================================================================== --- head/sys/kern/imgact_elf.c Wed Dec 23 23:35:32 2015 (r292675) +++ head/sys/kern/imgact_elf.c Thu Dec 24 00:58:11 2015 (r292676) @@ -799,6 +799,11 @@ __CONCAT(exec_, __elfN(imgact))(struct i error = ENOEXEC; goto ret; } + if (interp != NULL) { + uprintf("Multiple PT_INTERP headers\n"); + error = ENOEXEC; + goto ret; + } interp_name_len = phdr[i].p_filesz; if (phdr[i].p_offset > PAGE_SIZE || interp_name_len > PAGE_SIZE - phdr[i].p_offset) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201512240058.tBO0wBve043452>