diff options
Diffstat (limited to 'share/security/patches/SA-00:41/elf.patch')
| -rw-r--r-- | share/security/patches/SA-00:41/elf.patch | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/share/security/patches/SA-00:41/elf.patch b/share/security/patches/SA-00:41/elf.patch deleted file mode 100644 index e95b3570e3..0000000000 --- a/share/security/patches/SA-00:41/elf.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- imgact_elf.c 2000/04/30 18:51:39 1.75 -+++ imgact_elf.c 2000/07/23 22:19:49 1.78 -@@ -190,6 +190,21 @@ - object = vp->v_object; - error = 0; - -+ /* -+ * It's necessary to fail if the filsz + offset taken from the -+ * header is greater than the actual file pager object's size. -+ * If we were to allow this, then the vm_map_find() below would -+ * walk right off the end of the file object and into the ether. -+ * -+ * While I'm here, might as well check for something else that -+ * is invalid: filsz cannot be greater than memsz. -+ */ -+ if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size || -+ filsz > memsz) { -+ uprintf("elf_load_section: truncated ELF file\n"); -+ return (ENOEXEC); -+ } -+ - map_addr = trunc_page((vm_offset_t)vmaddr); - file_addr = trunc_page(offset); - -@@ -341,6 +356,12 @@ - } - - error = exec_map_first_page(imgp); -+ /* -+ * Also make certain that the interpreter stays the same, so set -+ * its VTEXT flag, too. -+ */ -+ if (error == 0) -+ nd.ni_vp->v_flag |= VTEXT; - VOP_UNLOCK(nd.ni_vp, 0, p); - if (error) - goto fail; -@@ -449,6 +470,17 @@ - /* - * From this point on, we may have resources that need to be freed. - */ -+ -+ /* -+ * Yeah, I'm paranoid. There is every reason in the world to get -+ * VTEXT now since from here on out, there are places we can have -+ * a context switch. Better safe than sorry; I really don't want -+ * the file to change while it's being loaded. -+ */ -+ simple_lock(&imgp->vp->v_interlock); -+ imgp->vp->v_flag |= VTEXT; -+ simple_unlock(&imgp->vp->v_interlock); -+ - if ((error = exec_extract_strings(imgp)) != 0) - goto fail; - -@@ -610,9 +642,6 @@ - imgp->auxargs = elf_auxargs; - imgp->interpreted = 0; - -- /* don't allow modifying the file while we run it */ -- imgp->vp->v_flag |= VTEXT; -- - fail: - return error; - } |