Source-Changes-HG archive
[src/trunk]: src/sys/compat/ibcs2 avoid integer type truncation. be picky ab...
details: https://anonhg.NetBSD.org/src/rev/2f59c1f17b8c
branches: trunk
changeset: 555477:2f59c1f17b8c
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Nov 18 19:46:37 2003 +0000
description:
avoid integer type truncation. be picky about integer computation overflow.
inspired by ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/i386/011_ibcs2.patch
diffstat:
sys/compat/ibcs2/ibcs2_exec_coff.c | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diffs (41 lines):
diff -r 0aaaaf07074e -r 2f59c1f17b8c sys/compat/ibcs2/ibcs2_exec_coff.c
--- a/sys/compat/ibcs2/ibcs2_exec_coff.c Tue Nov 18 18:51:23 2003 +0000
+++ b/sys/compat/ibcs2/ibcs2_exec_coff.c Tue Nov 18 19:46:37 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ibcs2_exec_coff.c,v 1.9 2003/11/05 04:03:21 christos Exp $ */
+/* $NetBSD: ibcs2_exec_coff.c,v 1.10 2003/11/18 19:46:37 itojun Exp $ */
/*
* Copyright (c) 1994, 1995, 1998 Scott Bartram
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.9 2003/11/05 04:03:21 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.10 2003/11/18 19:46:37 itojun Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -446,7 +446,7 @@
size_t resid;
struct coff_slhdr *slhdr;
char *buf, *bufp;
- int len = sh.s_size, path_index, entry_len;
+ long len = sh.s_size, path_index, entry_len;
if (len > 64 * 1024)
return ENOEXEC;
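Review bot: `len` is still a signed type after this change, and the only bound on it is the upper one in `if (len > 64 * 1024)`, so a negative `sh.s_size` would pass that test. Widening to `long` addresses the truncation, but consider rejecting `len < 0` in the same check, or making `len` unsigned, so the value is known to lie between 0 and 64 KiB before the `while (len)` loop consumes it.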
@@ -470,6 +470,13 @@
bufp = buf;
while (len) {
slhdr = (struct coff_slhdr *)bufp;
+
+ if (slhdr->path_index > LONG_MAX / sizeof(long) ||
+ slhdr->entry_len > LONG_MAX / sizeof(long)) {
+ free(buf, M_TEMP);
+ return ENOEXEC;
+ }
+
path_index = slhdr->path_index * sizeof(long);
entry_len = slhdr->entry_len * sizeof(long);
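Review bot: the test added before `path_index = slhdr->path_index * sizeof(long);` only rules out overflow of the multiplication, and `LONG_MAX / sizeof(long)` is far looser than the `64 * 1024` cap already placed on `len`, so values that pass it can still be much larger than `buf`. Unless the lines after this hunk already do so, compare `path_index` and `entry_len` against the remaining `len` before they are used as offsets into `bufp`. Separately, `LONG_MAX` is used here with no new `#include` in the diff, so it is worth confirming that one of the existing headers provides it.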