Source-Changes-HG archive
[src/netbsd-1-4]: src/sys/compat/common Pull up revision 1.16 (requested by s...
details: https://anonhg.NetBSD.org/src/rev/9bad0c0a26cc
branches: netbsd-1-4
changeset: 470885:9bad0c0a26cc
user: he <he%NetBSD.org@localhost>
date: Sat Sep 09 15:53:13 2000 +0000
description:
Pull up revision 1.16 (requested by simonb):
More carefully check length of user-supplied data, in particular
make sure we don't overrun the available stack gap in stack gap
allocations.
diffstat:
sys/compat/common/compat_util.c | 19 +++++++++++++++----
1 files changed, 15 insertions(+), 4 deletions(-)
diffs (42 lines):
diff -r 21c9846843df -r 9bad0c0a26cc sys/compat/common/compat_util.c
--- a/sys/compat/common/compat_util.c Sat Sep 09 15:12:35 2000 +0000
+++ b/sys/compat/common/compat_util.c Sat Sep 09 15:53:13 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: compat_util.c,v 1.11.2.2 1999/06/21 19:23:26 cgd Exp $ */
+/* $NetBSD: compat_util.c,v 1.11.2.3 2000/09/09 15:53:13 he Exp $ */
/*-
* Copyright (c) 1994 The NetBSD Foundation, Inc.
@@ -187,9 +187,13 @@
else {
sz = &ptr[len] - buf;
*pbuf = stackgap_alloc(sgp, sz + 1);
+ if (*pbuf == NULL) {
+ error = ENAMETOOLONG;
+ goto bad;
+ }
if ((error = copyout(buf, (void *)*pbuf, sz)) != 0) {
*pbuf = path;
- return error;
+ goto bad;
}
free(buf, M_TEMP);
}
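Review bot: In the new `if (*pbuf == NULL)` branch, `*pbuf` is left as NULL when jumping to `bad`, while the copyout failure path just below restores `*pbuf = path` before leaving. Consider setting `*pbuf = path` in the NULL branch as well, so a caller sees the same state on both error paths. Replacing `return error` with `goto bad` looks right given the `free(buf, M_TEMP)` on the success path, but the `bad` label is outside the visible context, so it is worth confirming that it frees `buf`.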
@@ -243,8 +247,15 @@
size_t sz;
{
void *p = (void *) *sgp;
-
- *sgp += ALIGN(sz);
+ caddr_t nsgp;
+ struct emul *e = curproc->p_emul; /* XXX */
+ int sigsize = e->e_esigcode - e->e_sigcode;
+
+ sz = ALIGN(sz);
+ nsgp = *sgp + sz;
+ if (nsgp > (((caddr_t)PS_STRINGS) - sigsize))
+ return NULL;
+ *sgp = nsgp;
return p;
}
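Review bot: The bound check in `stackgap_alloc` is made after the arithmetic, so a very large `sz` can wrap in `sz = ALIGN(sz)` or in `nsgp = *sgp + sz` and produce an `nsgp` that passes `nsgp > (((caddr_t)PS_STRINGS) - sigsize)`. Comparing `sz` against the space remaining (the limit minus `*sgp`) before adding, and rejecting a `sz` that becomes smaller after `ALIGN`, would close that. The function can now return NULL and only the caller in the previous hunk gains a check in this diff, so the remaining callers need the same treatment; the `/* XXX */` on `curproc->p_emul` would also benefit from a word on what is unresolved.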