From: jsg Date: Thu, 30 Apr 2015 11:15:28 +0000 (+0000) Subject: Now we use p_filesz - 1 to test for NUL check that p_filesz is X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c0aa15fa61946e88140dab328b206e0dcb2ba7c1;p=openbsd Now we use p_filesz - 1 to test for NUL check that p_filesz is at least two and while here allow the upper bound to be MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread on tech where Maxime Villard proposed additional PT_INTERP checks. tested by and ok guenther@ --- diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c index 76fd2d23eb8..bc827f45011 100644 --- a/sys/kern/exec_elf.c +++ b/sys/kern/exec_elf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_elf.c,v 1.115 2015/04/30 03:11:21 guenther Exp $ */ +/* $OpenBSD: exec_elf.c,v 1.116 2015/04/30 11:15:28 jsg Exp $ */ /* * Copyright (c) 1996 Per Fogelstrom @@ -552,7 +552,7 @@ ELFNAME2(exec,makecmds)(struct proc *p, struct exec_package *epp) for (i = 0, pp = ph; i < eh->e_phnum; i++, pp++) { if (pp->p_type == PT_INTERP && !interp) { - if (pp->p_filesz >= MAXPATHLEN) + if (pp->p_filesz < 2 || pp->p_filesz > MAXPATHLEN) goto bad; interp = pool_get(&namei_pool, PR_WAITOK); if ((error = ELFNAME(read_from)(p, epp->ep_vp,