HomeFreeBSD
Diffusion FreeBSD src repository 69a456c0b60b

elf_note_prpsinfo: handle more failures from proc_getargv()
69a456c0b60b
Actions

Description

elf_note_prpsinfo: handle more failures from proc_getargv()

Resulting sbuf_len() from proc_getargv() might return 0 if user mangled
ps_strings enough. Also, sbuf_len() API contract is to return -1 if the
buffer overflowed. The later should not occur because get_ps_strings()
checks for catenated length, but check for this subtle detail explicitly
as well to be more resilent.

The end result is that p_comm is used in this situations.

Approved by: so
Security: FreeBSD-SA-22:09.elf
Reported by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: delphij, markj
admbugs: 988
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35391

(cherry picked from commit 00d17cf342cd9f4f8fd1dcd79c8caec359145532)
(cherry picked from commit 8a44a2c644fc6d4ec1740fcc0b3ff01eac989ddf)

Details

Provenance
kibAuthored on Jun 3 2022, 8:21 AM
markjCommitted on Aug 9 2022, 8:00 PM
Reviewer
delphij
Differential Revision
Restricted Differential Revision
Parents
rG26db194f3db1: pam_exec: fix segfault when authtok is null
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
kern/

rG69a456c0b60b

View Options

sys/kern/imgact_elf.c

Loading...