svn commit: r210555 - in head/sys: amd64/linux32 i386/linux kern sys

Wed Jul 28 04:47:41 UTC 2010

Author: alc
Date: Wed Jul 28 04:47:40 2010
New Revision: 210555
URL: http://svn.freebsd.org/changeset/base/210555

Log:
  The interpreter name should no longer be treated as a buffer that can be
  overwritten.  (This change should have been included in r210545.)
  
  Submitted by:	kib

Modified:
  head/sys/amd64/linux32/linux32_sysvec.c
  head/sys/i386/linux/linux_sysvec.c
  head/sys/kern/kern_exec.c
  head/sys/sys/imgact.h

Modified: head/sys/amd64/linux32/linux32_sysvec.c
==============================================================================

--- head/sys/amd64/linux32/linux32_sysvec.c	Tue Jul 27 23:03:50 2010	(r210554)
+++ head/sys/amd64/linux32/linux32_sysvec.c	Wed Jul 28 04:47:40 2010	(r210555)
@@ -804,7 +804,7 @@ exec_linux_imgact_try(struct image_param
 {
 	const char *head = (const char *)imgp->image_header;
 	char *rpath;
-	int error = -1, len;
+	int error = -1;
 
 	/*
 	* The interpreter for shell scripts run from a linux binary needs
@@ -821,18 +821,12 @@ exec_linux_imgact_try(struct image_param
 			linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc),
 			    imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0,
 			    AT_FDCWD);
-			if (rpath != NULL) {
-				len = strlen(rpath) + 1;
-
-				if (len <= MAXSHELLCMDLEN) {
-					memcpy(imgp->interpreter_name, rpath,
-					    len);
-				}
-				free(rpath, M_TEMP);
-			}
+			if (rpath != NULL)
+				imgp->args->fname_buf =
+				    imgp->interpreter_name = rpath;
 		}
 	}
-	return(error);
+	return (error);
 }
 
 /*

Modified: head/sys/i386/linux/linux_sysvec.c
==============================================================================
--- head/sys/i386/linux/linux_sysvec.c	Tue Jul 27 23:03:50 2010	(r210554)
+++ head/sys/i386/linux/linux_sysvec.c	Wed Jul 28 04:47:40 2010	(r210555)
@@ -904,7 +904,7 @@ exec_linux_imgact_try(struct image_param
 {
     const char *head = (const char *)imgp->image_header;
     char *rpath;
-    int error = -1, len;
+    int error = -1;
 
     /*
      * The interpreter for shell scripts run from a linux binary needs
@@ -920,17 +920,12 @@ exec_linux_imgact_try(struct image_param
 	    if ((error = exec_shell_imgact(imgp)) == 0) {
 		    linux_emul_convpath(FIRST_THREAD_IN_PROC(imgp->proc),
 			imgp->interpreter_name, UIO_SYSSPACE, &rpath, 0, AT_FDCWD);
-		    if (rpath != NULL) {
-			    len = strlen(rpath) + 1;
-
-			    if (len <= MAXSHELLCMDLEN) {
-				    memcpy(imgp->interpreter_name, rpath, len);
-			    }
-			    free(rpath, M_TEMP);
-		    }
+		    if (rpath != NULL)
+			    imgp->args->fname_buf =
+				imgp->interpreter_name = rpath;
 	    }
     }
-    return(error);
+    return (error);
 }
 
 /*

Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c	Tue Jul 27 23:03:50 2010	(r210554)
+++ head/sys/kern/kern_exec.c	Wed Jul 28 04:47:40 2010	(r210555)
@@ -1175,6 +1175,10 @@ exec_free_args(struct image_args *args)
 		    PATH_MAX + ARG_MAX);
 		args->buf = NULL;
 	}
+	if (args->fname_buf != NULL) {
+		free(args->fname_buf, M_TEMP);
+		args->fname_buf = NULL;
+	}
 }
 
 /*

Modified: head/sys/sys/imgact.h
==============================================================================
--- head/sys/sys/imgact.h	Tue Jul 27 23:03:50 2010	(r210554)
+++ head/sys/sys/imgact.h	Wed Jul 28 04:47:40 2010	(r210555)
@@ -42,6 +42,7 @@ struct image_args {
 	char *begin_envv;	/* beginning of envv in buf */
 	char *endp;		/* current `end' pointer of arg & env strings */
 	char *fname;            /* pointer to filename of executable (system space) */
+	char *fname_buf;	/* pointer to optional malloc(M_TEMP) buffer */
 	int stringspace;	/* space left in arg & env buffer */
 	int argc;		/* count of argument strings */
 	int envc;		/* count of environment strings */
