svn commit: r315685 - head/sys/kern
Ed Maste
emaste at FreeBSD.org
Tue Mar 21 18:02:16 UTC 2017
Author: emaste
Date: Tue Mar 21 18:02:14 2017
New Revision: 315685
URL: https://svnweb.freebsd.org/changeset/base/315685
Log:
tighten buffer bounds in imgact_binmisc_populate_interp
We must ensure there's space for the terminating null in the temporary
buffer in imgact_binmisc_populate_interp().
Note that there's no buffer overflow here because xbe->xbe_interpreter's
length and null termination is checked in imgact_binmisc_add_entry()
before imgact_binmisc_populate_interp() is called. However, the latter
should correctly enforce its own bounds.
Reviewed by: sbruno
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10042
Modified:
head/sys/kern/imgact_binmisc.c
Modified: head/sys/kern/imgact_binmisc.c
==============================================================================
--- head/sys/kern/imgact_binmisc.c Tue Mar 21 16:23:44 2017 (r315684)
+++ head/sys/kern/imgact_binmisc.c Tue Mar 21 18:02:14 2017 (r315685)
@@ -120,7 +120,7 @@ imgact_binmisc_populate_interp(char *str
sp = str; tp = t;
while (*sp != '\0') {
if (*sp == ' ' || *sp == '\t') {
- if (++len > IBE_INTERP_LEN_MAX)
+ if (++len >= IBE_INTERP_LEN_MAX)
break;
*tp++ = ' ';
argc++;
More information about the svn-src-all
mailing list