Date: Wed, 28 Jul 2010 04:47:40 +0000 (UTC) From: Alan Cox <alc@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r210555 - in head/sys: amd64/linux32 i386/linux kern sys Message-ID: <201007280447.o6S4leTn011670@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: alc Date: Wed Jul 28 04:47:40 2010 New Revision: 210555 URL: http://svn.freebsd.org/changeset/base/210555 Log: The interpreter name should no longer be treated as a buffer that can be overwritten. (This change should have been included in r210545.) Submitted by: kib Modified: head/sys/amd64/linux32/linux32_sysvec.c head/sys/i386/linux/linux_sysvec.c head/sys/kern/kern_exec.c head/sys/sys/imgact.h Modified: head/sys/amd64/linux32/linux32_sysvec.c ============================================================================== --- head/sys/amd64/linux32/linux32_sysvec.c Tue Jul 27 23:03:50 2010 (r210554) +++ head/sys/amd64/linux32/linux32_sysvec.c Wed Jul 28 04:47:40 2010 (r210555) @@ -804,7 +804,7 @@ exec_linux_imgact_try(struct image_param { const char *head = (const char *)imgp->image_header; char *rpath; - int error = -1, len; + int error = -1; /* * The interpreter for shell scripts run from a linux binary needs @@ -821,18 +821,12 @@ exec_linux_imgact_try(struct image_param linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc), imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0, AT_FDCWD); - if (rpath != NULL) { - len = strlen(rpath) + 1; - - if (len <= MAXSHELLCMDLEN) { - memcpy(imgp->interpreter_name, rpath, - len); - } - free(rpath, M_TEMP); - } + if (rpath != NULL) + imgp->args->fname_buf = + imgp->interpreter_name = rpath; } } - return(error); + return (error); } /* Modified: head/sys/i386/linux/linux_sysvec.c ============================================================================== --- head/sys/i386/linux/linux_sysvec.c Tue Jul 27 23:03:50 2010 (r210554) +++ head/sys/i386/linux/linux_sysvec.c Wed Jul 28 04:47:40 2010 (r210555) @@ -904,7 +904,7 @@ exec_linux_imgact_try(struct image_param { const char *head = (const char *)imgp->image_header; char *rpath; - int error = -1, len; + int error = -1; /* * The interpreter for shell scripts run from a linux binary needs @@ -920,17 +920,12 @@ exec_linux_imgact_try(struct image_param if ((error = exec_shell_imgact(imgp)) == 0) { linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc), imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0, AT_FDCWD); - if (rpath != NULL) { - len = strlen(rpath) + 1; - - if (len <= MAXSHELLCMDLEN) { - memcpy(imgp->interpreter_name, rpath, len); - } - free(rpath, M_TEMP); - } + if (rpath != NULL) + imgp->args->fname_buf = + imgp->interpreter_name = rpath; } } - return(error); + return (error); } /* Modified: head/sys/kern/kern_exec.c ============================================================================== --- head/sys/kern/kern_exec.c Tue Jul 27 23:03:50 2010 (r210554) +++ head/sys/kern/kern_exec.c Wed Jul 28 04:47:40 2010 (r210555) @@ -1175,6 +1175,10 @@ exec_free_args(struct image_args *args) PATH_MAX + ARG_MAX); args->buf = NULL; } + if (args->fname_buf != NULL) { + free(args->fname_buf, M_TEMP); + args->fname_buf = NULL; + } } /* Modified: head/sys/sys/imgact.h ============================================================================== --- head/sys/sys/imgact.h Tue Jul 27 23:03:50 2010 (r210554) +++ head/sys/sys/imgact.h Wed Jul 28 04:47:40 2010 (r210555) @@ -42,6 +42,7 @@ struct image_args { char *begin_envv; /* beginning of envv in buf */ char *endp; /* current `end' pointer of arg & env strings */ char *fname; /* pointer to filename of executable (system space) */ + char *fname_buf; /* pointer to optional malloc(M_TEMP) buffer */ int stringspace; /* space left in arg & env buffer */ int argc; /* count of argument strings */ int envc; /* count of environment strings */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007280447.o6S4leTn011670>