The interpreter name should no longer be treated as a buffer that can be

overwritten.  (This change should have been included in r210545.)

Submitted by:	kib
This commit is contained in:
alc 2010-07-28 04:47:40 +00:00
parent 7b4520f3c1
commit 55426fcc55
4 changed files with 15 additions and 21 deletions

View File

@ -804,7 +804,7 @@ exec_linux_imgact_try(struct image_params *imgp)
{
const char *head = (const char *)imgp->image_header;
char *rpath;
int error = -1, len;
int error = -1;
/*
* The interpreter for shell scripts run from a linux binary needs
@ -821,18 +821,12 @@ exec_linux_imgact_try(struct image_params *imgp)
linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc),
imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0,
AT_FDCWD);
if (rpath != NULL) {
len = strlen(rpath) + 1;
if (len <= MAXSHELLCMDLEN) {
memcpy(imgp->interpreter_name, rpath,
len);
}
free(rpath, M_TEMP);
}
if (rpath != NULL)
imgp->args->fname_buf =
imgp->interpreter_name = rpath;
}
}
return(error);
return (error);
}
/*

View File

@ -904,7 +904,7 @@ exec_linux_imgact_try(struct image_params *imgp)
{
const char *head = (const char *)imgp->image_header;
char *rpath;
int error = -1, len;
int error = -1;
/*
* The interpreter for shell scripts run from a linux binary needs
@ -920,17 +920,12 @@ exec_linux_imgact_try(struct image_params *imgp)
if ((error = exec_shell_imgact(imgp)) == 0) {
linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc),
imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0, AT_FDCWD);
if (rpath != NULL) {
len = strlen(rpath) + 1;
if (len <= MAXSHELLCMDLEN) {
memcpy(imgp->interpreter_name, rpath, len);
}
free(rpath, M_TEMP);
}
if (rpath != NULL)
imgp->args->fname_buf =
imgp->interpreter_name = rpath;
}
}
return(error);
return (error);
}
/*

View File

@ -1175,6 +1175,10 @@ exec_free_args(struct image_args *args)
PATH_MAX + ARG_MAX);
args->buf = NULL;
}
if (args->fname_buf != NULL) {
free(args->fname_buf, M_TEMP);
args->fname_buf = NULL;
}
}
/*

View File

@ -42,6 +42,7 @@ struct image_args {
char *begin_envv; /* beginning of envv in buf */
char *endp; /* current `end' pointer of arg & env strings */
char *fname; /* pointer to filename of executable (system space) */
char *fname_buf; /* pointer to optional malloc(M_TEMP) buffer */
int stringspace; /* space left in arg & env buffer */
int argc; /* count of argument strings */
int envc; /* count of environment strings */