git: 093cc4194e6e - stable/15 - imgact_elf: handle unaligned phdrs
Date: Sat, 13 Jun 2026 01:03:54 UTC
The branch stable/15 has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=093cc4194e6e88569bc25ecb73f6d887c5d69037
commit 093cc4194e6e88569bc25ecb73f6d887c5d69037
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-06-08 01:22:51 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-06-13 00:58:36 +0000
imgact_elf: handle unaligned phdrs
PR: 295629
(cherry picked from commit 0b269737f9ca057826a6c9376c2474b1ae5bc91c)
---
sys/kern/imgact_elf.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 15a3472731d6..a9ee58d941c4 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -858,12 +858,12 @@ __elfN(load_file)(struct thread *td, const char *file, u_long *addr,
goto fail;
}
- if (!aligned(imgp->image_header + hdr->e_phoff, Elf_Addr) ||
- hdr->e_phnum > __elfN(phnums)) {
+ if (hdr->e_phnum > __elfN(phnums)) {
error = ENOEXEC;
goto fail;
}
- if (__elfN(phdr_in_zero_page)(hdr)) {
+ if (__elfN(phdr_in_zero_page)(hdr) &&
+ aligned(imgp->image_header + hdr->e_phoff, Elf_Addr)) {
phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
} else {
VOP_UNLOCK(imgp->vp);
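Review bot: The `else` branch after the new two-part condition now serves two distinct cases, program headers that do not fit in the first page and program headers that are merely misaligned inside it, and nothing on the new side says so. A comment above the `if` would record why alignment selects the path, for example `/* Use the mapped header page only if the phdrs fit in it and are aligned for Elf_Phdr access; otherwise read them into an aligned buffer. */`. The same applies to the identical condition in the `exec_` imgact hunk at -1170,7 +1166,8. Since the two-line test is now repeated verbatim in both functions, it could be folded into one small predicate so the two loaders cannot drift apart. The fallback branch continues outside both hunks, so I cannot confirm from here that its buffer size and read length come only from the `e_phnum` value already bounded against `__elfN(phnums)`; that is worth checking now that a crafted binary can deliberately select this path with an odd `e_phoff`.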
@@ -1157,10 +1157,6 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
free_interp = false;
m_phdrs = NULL;
- if (!aligned(imgp->image_header + hdr->e_phoff, Elf_Addr)) {
- uprintf("Unaligned program headers\n");
- return (ENOEXEC);
- }
if (hdr->e_phoff + hdr->e_phnum * hdr->e_phentsize < hdr->e_phoff) {
uprintf("PHDRS wrap\n");
return (ENOEXEC);
@@ -1170,7 +1166,8 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
hdr->e_phnum, __elfN(phnums));
return (ENOEXEC);
}
- if (__elfN(phdr_in_zero_page)(hdr)) {
+ if (__elfN(phdr_in_zero_page)(hdr) &&
+ aligned(imgp->image_header + hdr->e_phoff, Elf_Addr)) {
phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
} else {
VOP_UNLOCK(imgp->vp);