Make sure we move forward over the buffer.

From Ilja Van Sprundel.
riastradh 2017-07-28 15:51:35 +00:00
parent 9a25e0f558
commit 18c4e4218d
1 changed files with 4 additions and 3 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ibcs2_exec_coff.c,v 1.28 2017/07/28 15:50:04 riastradh Exp $ */
/* $NetBSD: ibcs2_exec_coff.c,v 1.29 2017/07/28 15:51:35 riastradh Exp $ */
/*
* Copyright (c) 1994, 1995, 1998 Scott Bartram
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.28 2017/07/28 15:50:04 riastradh Exp $");
__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.29 2017/07/28 15:51:35 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -469,7 +469,8 @@ exec_ibcs2_coff_prep_zmagic(struct lwp *l, struct exec_package *epp, struct coff
/* path_index = slhdr->path_index * sizeof(long); */
entry_len = slhdr->entry_len * sizeof(long);
if (entry_len > len ||
if (entry_len < sizeof(struct coff_slhdr) ||
entry_len > len ||
strnlen(slhdr->sl_name, entry_len) == entry_len) {
free(tbuf, M_TEMP);
return ENOEXEC;
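Review bot: The `strnlen(slhdr->sl_name, entry_len)` bound in the condition counts from the start of `sl_name` rather than from the start of the entry, so when `entry_len` is equal or close to `len` the scan can run past the end of `tbuf` by the offset of `sl_name` inside `struct coff_slhdr` (the struct layout is not visible here, but `sl_name` shares the header with `entry_len`, so its offset is presumably non-zero). With the new lower bound in place the subtraction cannot underflow, so the name test could be `strnlen(slhdr->sl_name, entry_len - offsetof(struct coff_slhdr, sl_name)) == entry_len - offsetof(struct coff_slhdr, sl_name)`. A short comment above the condition, such as `/* entry_len is file-controlled: it must cover the header, fit in the remaining buffer, and hold a NUL-terminated name */`, would record why all three tests are needed. The body of exec_ibcs2_coff_prep_zmagic starts and ends outside this hunk, so the declared type of `entry_len` and the loop that advances by it cannot be checked from here.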