00d17cf342
Resulting sbuf_len() from proc_getargv() might return 0 if user mangled ps_strings enough. Also, sbuf_len() API contract is to return -1 if the buffer overflowed. The later should not occur because get_ps_strings() checks for catenated length, but check for this subtle detail explicitly as well to be more resilent. The end result is that p_comm is used in this situations. Approved by: so Security: FreeBSD-SA-22:09.elf Reported by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net> Reviewed by: delphij, markj admbugs: 988 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35391 |
||
|---|---|---|
| .. | ||
| freebsd32 | ||
| ia32 | ||
| lindebugfs | ||
| linprocfs | ||
| linsysfs | ||
| linux | ||
| linuxkpi/common | ||
| x86bios | ||