diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2010-09-14 04:24:28 +0200 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2010-09-14 04:25:42 +0200 |
| commit | e59f3c667db81b200991dfb264423d87820f7f2d (patch) | |
| tree | b007f25d9e514923de93c52393f452929c354fb5 | |
| parent | a7876db304a29c330eb1ad584933176939287fc8 (diff) | |
Protect exec from memory faults
* exec/exec.c (load_section): Call i`hurd_safe_copyin' instead of `memcpy'.
Handle error case.
(check_gzip): Likewise.
(check_bzip2): Likewise.
| -rw-r--r-- | exec/exec.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/exec/exec.c b/exec/exec.c index d8765003..25628d79 100644 --- a/exec/exec.c +++ b/exec/exec.c @@ -233,11 +233,12 @@ load_section (void *section, struct execdata *u) u->error = (page == -1) ? errno : 0; if (! u->error) { - memcpy ((void *) page, /* XXX/fault */ + u->error = hurd_safe_copyin ((void *) page, /* XXX/fault */ (void *) (contents + (size - off)), off); - u->error = vm_write (u->task, mapstart + (size - off), - page, vm_page_size); + if (! u->error) + u->error = vm_write (u->task, mapstart + (size - off), + page, vm_page_size); munmap ((caddr_t) page, vm_page_size); } } @@ -339,7 +340,10 @@ load_section (void *section, struct execdata *u) const void *contents = map (u, filepos, readsize); if (!contents) goto maplose; - memcpy (readaddr, contents, readsize); /* XXX/fault */ + u->error = hurd_safe_copyin (readaddr, contents, + readsize); /* XXX/fault */ + if (u->error) + goto maplose; } u->error = vm_write (u->task, overlap_page, ourpage, size); if (u->error == KERN_PROTECTION_FAILURE) @@ -1150,7 +1154,10 @@ check_gzip (struct execdata *earg) return -1; } n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents); - memcpy (buf, contents, n); /* XXX/fault */ + errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */ + if (errno) + longjmp (ziperr, 2); + zipread_pos += n; return n; } @@ -1257,7 +1264,10 @@ check_bzip2 (struct execdata *earg) return -1; } n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents); - memcpy (buf, contents, n); /* XXX/fault */ + errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */ + if (errno) + longjmp (ziperr, 2); + zipread_pos += n; return n; } |