Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make sure we have enough space in the buffer before reading it. 

From Ilja Van Sprundel.
This commit is contained in:
riastradh 2017-07-28 15:50:04 +00:00
parent 74f9c98ecc
commit 9a25e0f558
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/compat/ibcs2/ibcs2_exec_coff.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ibcs2_exec_coff.c,v 1.27 2017/07/28 15:47:23 riastradh Exp $ */
/* $NetBSD: ibcs2_exec_coff.c,v 1.28 2017/07/28 15:50:04 riastradh Exp $ */
/*
* Copyright (c) 1994, 1995, 1998 Scott Bartram
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.27 2017/07/28 15:47:23 riastradh Exp $");
__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.28 2017/07/28 15:50:04 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -454,6 +454,10 @@ exec_ibcs2_coff_prep_zmagic(struct lwp *l, struct exec_package *epp, struct coff
}
bufp = tbuf;
while (len) {
if (len < sizeof(struct coff_slhdr)) {
free(tbuf, M_TEMP);
return ENOEXEC;
}
slhdr = (struct coff_slhdr *)bufp;
if (slhdr->path_index > LONG_MAX / sizeof(long) ||