The branch main has been updated by mjg:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=0f600883990ea96d2026389cfe84ca6130f6d3aa

commit 0f600883990ea96d2026389cfe84ca6130f6d3aa
Author:     Mateusz Guzik <m...@freebsd.org>
AuthorDate: 2022-03-25 18:19:36 +0000
Commit:     Mateusz Guzik <m...@freebsd.org>
CommitDate: 2022-03-25 18:19:36 +0000

    vfs: set cn_namelen when handling degenerate lookups
    
    Turns out execve looks at it to store binary name, but in order to
    trigger the problem one has to be trying to exec '/'. As is the value
    would be left uninitialized (or rather set to -1 on debug kernels).
    
    Fixes:  56244d35741a62e7 ("vfs: hoist degenerate path lookups out of the
    loop")
---
 sys/kern/vfs_lookup.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 71173d189ef2..faef7b6cb254 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -853,6 +853,7 @@ vfs_lookup_degenerate(struct nameidata *ndp, struct vnode 
*dp, int wantparent)
                VREF(dp);
        }
        ndp->ni_vp = dp;
+       cnp->cn_namelen = 0;
 
        if (cnp->cn_flags & AUDITVNODE1)
                AUDIT_ARG_VNODE1(dp);
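
Review bot: the added `cnp->cn_namelen = 0;` after `ndp->ni_vp = dp;` has no comment naming the consumer that depends on it, so it reads like a dead store that a later cleanup could drop. The commit message says execve reads the field to store the binary name when the path is '/'. A one-line comment to that effect at the assignment would preserve the reason. It is also worth confirming that any earlier return paths in vfs_lookup_degenerate, which lie outside this hunk, cannot hand back a componentname with the field still unset. Doing the assignment at function entry would cover every exit.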
