Date: Sun, 6 Mar 2011 16:14:03 -0500 From: "Devon H. O'Dell" <devon.odell@gmail.com> To: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org Subject: Re: kern/155321: imgact_shell integer underflow when argv[0] is longer than interp + path Message-ID: <AANLkTinQqtBD1ANhjs6P3gb5EJL4MhPUcLiPfo%2BmpNEX@mail.gmail.com> In-Reply-To: <201103062000.p26K0InG097407@freefall.freebsd.org> References: <201103061956.p26JutYe064887@red.freebsd.org> <201103062000.p26K0InG097407@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--001636c5a9edd929c2049dd6dbdb Content-Type: text/plain; charset=ISO-8859-1 Actually, kib@ points out that this isn't quite correct; the correct fix should indeed be a 1-liner, attached. --dho --001636c5a9edd929c2049dd6dbdb Content-Type: text/plain; charset=US-ASCII; name="imgact_shell.txt" Content-Disposition: attachment; filename="imgact_shell.txt" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gkygm51u0 SW5kZXg6IHN5cy9rZXJuL2ltZ2FjdF9zaGVsbC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9rZXJuL2lt Z2FjdF9zaGVsbC5jCShyZXZpc2lvbiAyMTkzNDUpCisrKyBzeXMva2Vybi9pbWdhY3Rfc2hlbGwu Ywkod29ya2luZyBjb3B5KQpAQCAtMTk1LDcgKzE5NSw3IEBACiAJbGVuZ3RoID0gKGltZ3AtPmFy Z3MtPmFyZ2MgPT0gMCkgPyAwIDoKIAkgICAgc3RybGVuKGltZ3AtPmFyZ3MtPmJlZ2luX2FyZ3Yp ICsgMTsJCS8qIGJ5dGVzIHRvIGRlbGV0ZSAqLwogCi0JaWYgKG9mZnNldCAtIGxlbmd0aCA+IGlt Z3AtPmFyZ3MtPnN0cmluZ3NwYWNlKSB7CisJaWYgKG9mZnNldCA+IGxlbmd0aCAmJiBvZmZzZXQg LSBsZW5ndGggPiBpbWdwLT5hcmdzLT5zdHJpbmdzcGFjZSkgewogCQlpZiAoc25hbWUgIT0gTlVM TCkKIAkJCXNidWZfZGVsZXRlKHNuYW1lKTsKIAkJcmV0dXJuIChFMkJJRyk7Cg== --001636c5a9edd929c2049dd6dbdb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTinQqtBD1ANhjs6P3gb5EJL4MhPUcLiPfo%2BmpNEX>