From: "Devon H. O'Dell"
To: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Date: Sun, 6 Mar 2011 16:14:03 -0500
Subject: Re: kern/155321: imgact_shell integer underflow when argv[0] is longer than interp + path
In-Reply-To: <201103062000.p26K0InG097407@freefall.freebsd.org>
References: <201103061956.p26JutYe064887@red.freebsd.org> <201103062000.p26K0InG097407@freefall.freebsd.org>

Actually, kib@ points out that this isn't quite correct; the correct fix should indeed be a 1-liner, attached.

--dho

Attachment: imgact_shell.txt