10.4/releng-p12.diff - freebsd-patches - Rivoreo Source Code Repositories

 Index: UPDATING
 ===================================================================
 --- UPDATING	(revision 337829)
 +++ UPDATING	(revision 338606)
 @@ -17,6 +17,10 @@
  older version of current is a bit fragile.


 +20180912	p12	FreeBSD-SA-18:12.elf
 +
 +	Fix improper elf header parsing.
 +
  20180814	p11	FreeBSD-SA-18:08.tcp [revised]
  			FreeBSD-SA-18:11.hostapd

 Index: sys/conf/newvers.sh
 ===================================================================
 --- sys/conf/newvers.sh	(revision 337829)
 +++ sys/conf/newvers.sh	(revision 338606)
 @@ -32,7 +32,7 @@

  TYPE="FreeBSD"
  REVISION="10.4"
 -BRANCH="RELEASE-p11"
 +BRANCH="RELEASE-p12"
  if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
  	BRANCH=${BRANCH_OVERRIDE}
  fi
 Index: sys/kern/imgact_elf.c
 ===================================================================
 --- sys/kern/imgact_elf.c	(revision 337829)
 +++ sys/kern/imgact_elf.c	(revision 338606)
 @@ -795,7 +795,8 @@
  			break;
  		case PT_INTERP:
  			/* Path to interpreter */
 -			if (phdr[i].p_filesz > MAXPATHLEN) {
 +			if (phdr[i].p_filesz < 2 ||
 +			    phdr[i].p_filesz > MAXPATHLEN) {
  				uprintf("Invalid PT_INTERP\n");
  				error = ENOEXEC;
  				goto ret;
 @@ -825,6 +826,11 @@
  			} else {
  				interp = __DECONST(char *, imgp->image_header) +
  				    phdr[i].p_offset;
 +				if (interp[interp_name_len - 1] != '\0') {
 +					uprintf("Invalid PT_INTERP\n");
 +					error = ENOEXEC;
 +					goto ret;
 +				}
  			}
  			break;
  		case PT_GNU_STACK:
 Index: sys/kern/vfs_vnops.c
 ===================================================================
 --- sys/kern/vfs_vnops.c	(revision 337829)
 +++ sys/kern/vfs_vnops.c	(revision 338606)
 @@ -510,6 +510,8 @@
  	struct vn_io_fault_args args;
  	int error, lock_flags;

 +	if (offset < 0 && vp->v_type != VCHR)
 +		return (EINVAL);
  	auio.uio_iov = &aiov;
  	auio.uio_iovcnt = 1;
  	aiov.iov_base = base;
	Index: UPDATING
	===================================================================
	--- UPDATING (revision 337829)
	+++ UPDATING (revision 338606)
	@@ -17,6 +17,10 @@
	older version of current is a bit fragile.


	+20180912 p12 FreeBSD-SA-18:12.elf
	+
	+ Fix improper elf header parsing.
	+
	20180814 p11 FreeBSD-SA-18:08.tcp [revised]
	FreeBSD-SA-18:11.hostapd

	Index: sys/conf/newvers.sh
	===================================================================
	--- sys/conf/newvers.sh (revision 337829)
	+++ sys/conf/newvers.sh (revision 338606)
	@@ -32,7 +32,7 @@

	TYPE="FreeBSD"
	REVISION="10.4"
	-BRANCH="RELEASE-p11"
	+BRANCH="RELEASE-p12"
	if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
	BRANCH=${BRANCH_OVERRIDE}
	fi
	Index: sys/kern/imgact_elf.c
	===================================================================
	--- sys/kern/imgact_elf.c (revision 337829)
	+++ sys/kern/imgact_elf.c (revision 338606)
	@@ -795,7 +795,8 @@
	break;
	case PT_INTERP:
	/* Path to interpreter */
	- if (phdr[i].p_filesz > MAXPATHLEN) {
	+ if (phdr[i].p_filesz < 2 \|\|
	+ phdr[i].p_filesz > MAXPATHLEN) {
	uprintf("Invalid PT_INTERP\n");
	error = ENOEXEC;
	goto ret;
	@@ -825,6 +826,11 @@
	} else {
	interp = __DECONST(char *, imgp->image_header) +
	phdr[i].p_offset;
	+ if (interp[interp_name_len - 1] != '\0') {
	+ uprintf("Invalid PT_INTERP\n");
	+ error = ENOEXEC;
	+ goto ret;
	+ }
	}
	break;
	case PT_GNU_STACK:
	Index: sys/kern/vfs_vnops.c
	===================================================================
	--- sys/kern/vfs_vnops.c (revision 337829)
	+++ sys/kern/vfs_vnops.c (revision 338606)
	@@ -510,6 +510,8 @@
	struct vn_io_fault_args args;
	int error, lock_flags;

	+ if (offset < 0 && vp->v_type != VCHR)
	+ return (EINVAL);
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	aiov.iov_base = base;