Now we use p_filesz - 1 to test for NUL check that p_filesz is

at least two and while here allow the upper bound to be
MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread
on tech where Maxime Villard proposed additional PT_INTERP checks.

tested by and ok guenther@

diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c
index 76fd2d2..bc827f4 100644 (file)
--- a/sys/kern/exec_elf.c
+++ b/sys/kern/exec_elf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: exec_elf.c,v 1.115 2015/04/30 03:11:21 guenther Exp $ */
+/*     $OpenBSD: exec_elf.c,v 1.116 2015/04/30 11:15:28 jsg Exp $      */
 
 /*
  * Copyright (c) 1996 Per Fogelstrom
@@ -552,7 +552,7 @@ ELFNAME2(exec,makecmds)(struct proc *p, struct exec_package *epp)
 
        for (i = 0, pp = ph; i < eh->e_phnum; i++, pp++) {
                if (pp->p_type == PT_INTERP && !interp) {
-                       if (pp->p_filesz >= MAXPATHLEN)
+                       if (pp->p_filesz < 2 || pp->p_filesz > MAXPATHLEN)
                                goto bad;
                        interp = pool_get(&namei_pool, PR_WAITOK);
                        if ((error = ELFNAME(read_from)(p, epp->ep_vp,