Eliminate the prefix parameter to linux_emul_find(), which was always
linux_emul_path anyway. Linux_emul_find() has interesting bugs in its prefix handling (which luckily are not currently exploitable); this commit is preliminary to an attempt at cleaning it up. Approved by: marcel
This commit is contained in:
parent
9ca45e813c
commit
a08d68de5b
@ -153,8 +153,8 @@ exec_linux_imgact_try(imgp)
|
||||
if ((error = exec_shell_imgact(imgp)) == 0) {
|
||||
char *rpath = NULL;
|
||||
|
||||
linux_emul_find(&imgp->proc->p_thread, NULL,/* XXXKSE */
|
||||
linux_emul_path, imgp->interpreter_name, &rpath, 0);
|
||||
linux_emul_find(&imgp->proc->p_thread, NULL,
|
||||
imgp->interpreter_name, &rpath, 0);
|
||||
if (rpath != imgp->interpreter_name) {
|
||||
int len = strlen(rpath) + 1;
|
||||
|
||||
|
@ -50,10 +50,9 @@ const char linux_emul_path[] = "/compat/linux";
|
||||
* be in exists.
|
||||
*/
|
||||
int
|
||||
linux_emul_find(td, sgp, prefix, path, pbuf, cflag)
|
||||
linux_emul_find(td, sgp, path, pbuf, cflag)
|
||||
struct thread *td;
|
||||
caddr_t *sgp; /* Pointer to stackgap memory */
|
||||
const char *prefix;
|
||||
char *path;
|
||||
char **pbuf;
|
||||
int cflag;
|
||||
@ -63,15 +62,16 @@ linux_emul_find(td, sgp, prefix, path, pbuf, cflag)
|
||||
struct vattr vat;
|
||||
struct vattr vatroot;
|
||||
int error;
|
||||
const char *prefix;
|
||||
char *ptr, *buf, *cp;
|
||||
size_t sz, len;
|
||||
|
||||
buf = (char *) malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
|
||||
*pbuf = path;
|
||||
|
||||
prefix = linux_emul_path;
|
||||
for (ptr = buf; (*ptr = *prefix) != '\0'; ptr++, prefix++)
|
||||
continue;
|
||||
|
||||
sz = MAXPATHLEN - (ptr - buf);
|
||||
|
||||
/*
|
||||
|
@ -76,15 +76,13 @@ stackgap_alloc(sgp, sz)
|
||||
|
||||
extern const char linux_emul_path[];
|
||||
|
||||
int linux_emul_find __P((struct thread *, caddr_t *, const char *, char *,
|
||||
char **, int));
|
||||
int linux_emul_find __P((struct thread *, caddr_t *, char *, char **, int));
|
||||
|
||||
#define CHECKALT(p, sgp, path, i) \
|
||||
do { \
|
||||
int _error; \
|
||||
\
|
||||
_error = linux_emul_find(p, sgp, linux_emul_path, path, \
|
||||
&path, i); \
|
||||
_error = linux_emul_find(p, sgp, path, &path, i); \
|
||||
if (_error == EFAULT) \
|
||||
return (_error); \
|
||||
} while (0)
|
||||
|
@ -745,13 +745,13 @@ exec_linux_imgact_try(imgp)
|
||||
if ((error = exec_shell_imgact(imgp)) == 0) {
|
||||
char *rpath = NULL;
|
||||
|
||||
linux_emul_find(&imgp->proc->p_thread, NULL, linux_emul_path,
|
||||
linux_emul_find(&imgp->proc->p_thread, NULL,
|
||||
imgp->interpreter_name, &rpath, 0);
|
||||
if (rpath != imgp->interpreter_name) {
|
||||
int len = strlen(rpath) + 1;
|
||||
|
||||
if (len <= MAXSHELLCMDLEN) {
|
||||
memcpy(imgp->interpreter_name, rpath, len);
|
||||
memcpy(imgp->interpreter_name, rpath, len);
|
||||
}
|
||||
free(rpath, M_TEMP);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user