Re: kern/155321: imgact_shell integer underflow when argv[0] is longer than interp + path

Devon H. O'Dell Sun, 06 Mar 2011 13:37:24 -0800

Actually, kib@ points out that this isn't quite correct; the correct
fix should indeed be a 1-liner, attached.


--dho

Index: sys/kern/imgact_shell.c
===================================================================
--- sys/kern/imgact_shell.c     (revision 219345)
+++ sys/kern/imgact_shell.c     (working copy)
@@ -195,7 +195,7 @@
        length = (imgp->args->argc == 0) ? 0 :
            strlen(imgp->args->begin_argv) + 1;         /* bytes to delete */
 
-       if (offset - length > imgp->args->stringspace) {
+       if (offset > length && offset - length > imgp->args->stringspace) {
                if (sname != NULL)
                        sbuf_delete(sname);
                return (E2BIG);

_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Re: kern/155321: imgact_shell integer underflow when argv[0] is longer than interp + path

Reply via email to