Index: UPDATING
===================================================================
--- UPDATING (版本 337828)
+++ UPDATING (版本 338606)
@@ -16,6 +16,13 @@
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.
+20180912 p14 FreeBSD-SA-18:12.elf
+ FreeBSD-EN-18:08.lazyfpu
+
+ Fix improper elf header parsing. [SA-18:12.elf]
+
+ Fix regression in Lazy FPU remediation. [EN-18:08.lazyfpu]
+
20180814 p13 FreeBSD-SA-18:08.tcp [revised]
FreeBSD-SA-18:09.l1tf
FreeBSD-SA-18:10.ip
Index: sys/conf/newvers.sh
===================================================================
--- sys/conf/newvers.sh (版本 337828)
+++ sys/conf/newvers.sh (版本 338606)
@@ -44,7 +44,7 @@
TYPE="FreeBSD"
REVISION="11.1"
-BRANCH="RELEASE-p13"
+BRANCH="RELEASE-p14"
if [ -n "${BRANCH_OVERRIDE}" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Index: sys/kern/imgact_elf.c
===================================================================
--- sys/kern/imgact_elf.c (版本 337828)
+++ sys/kern/imgact_elf.c (版本 338606)
@@ -834,7 +834,8 @@
break;
case PT_INTERP:
/* Path to interpreter */
- if (phdr[i].p_filesz > MAXPATHLEN) {
+ if (phdr[i].p_filesz < 2 ||
+ phdr[i].p_filesz > MAXPATHLEN) {
uprintf("Invalid PT_INTERP\n");
error = ENOEXEC;
goto ret;
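Review bot: The new lower bound `phdr[i].p_filesz < 2` in the PT_INTERP case is an unexplained magic number, so a later maintainer could relax it without seeing what depends on it. Two is the smallest size that holds one path character plus the terminating NUL. It also keeps the `interp_name_len - 1` index used by the terminator check added in the next hunk of this file from underflowing, assuming interp_name_len is taken from p_filesz (that assignment is outside the hunk). I would add a comment above the test such as `/* Need at least one path byte plus the NUL; also keeps interp_name_len - 1 in range below. */`. The enclosing switch and function start and end outside the hunk.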
@@ -864,6 +865,11 @@
} else {
interp = __DECONST(char *, imgp->image_header) +
phdr[i].p_offset;
+ if (interp[interp_name_len - 1] != '\0') {
+ uprintf("Invalid PT_INTERP\n");
+ error = ENOEXEC;
+ goto ret;
+ }
}
break;
case PT_GNU_STACK:
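Review bot: The terminator check `interp[interp_name_len - 1] != '\0'` is added only to this else branch, where the interpreter path is used in place from imgp->image_header. The other branch of the if is outside the hunk, so confirm that it also always hands a NUL-terminated string to whatever consumes interp. The indexed read is in bounds only if p_offset plus interp_name_len stays inside the image header, which the branch condition presumably guarantees but which is not visible here. A comment would make that dependency explicit, e.g. `/* In-header path: range is covered by the branch condition; no copy is made, so the on-disk bytes must end in NUL. */`. Both rejections in this case print the same `Invalid PT_INTERP` text, so the message alone cannot tell a size failure from a missing terminator.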
Index: sys/kern/vfs_vnops.c
===================================================================
--- sys/kern/vfs_vnops.c (版本 337828)
+++ sys/kern/vfs_vnops.c (版本 338606)
@@ -529,6 +529,8 @@
struct vn_io_fault_args args;
int error, lock_flags;
+ if (offset < 0 && vp->v_type != VCHR)
+ return (EINVAL);
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
aiov.iov_base = base;
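Review bot: The new guard `if (offset < 0 && vp->v_type != VCHR)` carries no comment saying why character devices are exempt, which makes the exception look accidental and easy to remove or widen later. Presumably some device nodes accept offsets that are negative when read as a signed value, while for every other vnode type a negative offset (for instance one derived from file contents) should be rejected before the uio is built. That reasoning belongs next to the test, e.g. `/* Negative offsets are only meaningful for character devices; reject them for all other vnode types. */`. The guard covers only the starting offset; whether offset plus the transfer length can overflow is not visible in this hunk and is worth confirming in the rest of the function. The function's signature and the remainder of its body are outside the hunk.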