summaryrefslogtreecommitdiff
path: root/exec
diff options
context:
space:
mode:
authorSamuel Thibault <samuel.thibault@ens-lyon.org>2010-09-14 04:24:28 +0200
committerSamuel Thibault <samuel.thibault@ens-lyon.org>2010-09-14 04:25:42 +0200
commite59f3c667db81b200991dfb264423d87820f7f2d (patch)
treeb007f25d9e514923de93c52393f452929c354fb5 /exec
parenta7876db304a29c330eb1ad584933176939287fc8 (diff)
Protect exec from memory faults
* exec/exec.c (load_section): Call i`hurd_safe_copyin' instead of `memcpy'. Handle error case. (check_gzip): Likewise. (check_bzip2): Likewise.
Diffstat (limited to 'exec')
-rw-r--r--exec/exec.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/exec/exec.c b/exec/exec.c
index d8765003..25628d79 100644
--- a/exec/exec.c
+++ b/exec/exec.c
@@ -233,11 +233,12 @@ load_section (void *section, struct execdata *u)
u->error = (page == -1) ? errno : 0;
if (! u->error)
{
- memcpy ((void *) page, /* XXX/fault */
+ u->error = hurd_safe_copyin ((void *) page, /* XXX/fault */
(void *) (contents + (size - off)),
off);
- u->error = vm_write (u->task, mapstart + (size - off),
- page, vm_page_size);
+ if (! u->error)
+ u->error = vm_write (u->task, mapstart + (size - off),
+ page, vm_page_size);
munmap ((caddr_t) page, vm_page_size);
}
}
@@ -339,7 +340,10 @@ load_section (void *section, struct execdata *u)
const void *contents = map (u, filepos, readsize);
if (!contents)
goto maplose;
- memcpy (readaddr, contents, readsize); /* XXX/fault */
+ u->error = hurd_safe_copyin (readaddr, contents,
+ readsize); /* XXX/fault */
+ if (u->error)
+ goto maplose;
}
u->error = vm_write (u->task, overlap_page, ourpage, size);
if (u->error == KERN_PROTECTION_FAILURE)
@@ -1150,7 +1154,10 @@ check_gzip (struct execdata *earg)
return -1;
}
n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents);
- memcpy (buf, contents, n); /* XXX/fault */
+ errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */
+ if (errno)
+ longjmp (ziperr, 2);
+
zipread_pos += n;
return n;
}
@@ -1257,7 +1264,10 @@ check_bzip2 (struct execdata *earg)
return -1;
}
n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents);
- memcpy (buf, contents, n); /* XXX/fault */
+ errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */
+ if (errno)
+ longjmp (ziperr, 2);
+
zipread_pos += n;
return n;
}