authorcinap_lenrek <cinap_lenrek@felloff.net>2013-12-29 06:11:18 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2013-12-29 06:11:18 +0100
commitafc2d547e18381ce2dd0f69f0e88860d49b7e54f (patch)
treeb39279a3e41a12701297a1b7f57561b10155bf96
parent8cef1794d6a092e72482bcb4927fced3b7b75d2a (diff)
kernel: make sure user text, data and bss wont overlap the stack segment in sysexec()
-rw-r--r--sys/src/9/port/sysproc.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/src/9/port/sysproc.c b/sys/src/9/port/sysproc.c
index fbad6942f..ab37bb68c 100644
--- a/sys/src/9/port/sysproc.c
+++ b/sys/src/9/port/sysproc.c
@@ -283,7 +283,7 @@ sysexec(ulong *arg)
text = l2be(exec.text);
entry = l2be(exec.entry);
if(n==sizeof(Exec) && (magic == AOUT_MAGIC)){
- if(text >= USTKTOP-UTZERO
+ if(text >= (USTKTOP-USTKSIZE)-(UTZERO+sizeof(Exec))
|| entry < UTZERO+sizeof(Exec)
|| entry >= UTZERO+sizeof(Exec)+text)
error(Ebadexec);
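Review bot: Only `text` is range-checked before it enters address arithmetic; `data` and `bss` get no comparable bound in the visible lines, and the second hunk compares the sums `t + data` and `t + data + bss` only against an upper limit. If those two are unsigned values read from the exec header in the same way as `text` (their declarations are outside the hunks, so this needs confirming), an oversized field can wrap the sum to a small address that still passes `b >= (USTKTOP-USTKSIZE)`. Bounding the fields before they are added would close that, for example `if(data > (USTKTOP-USTKSIZE)-t || bss > (USTKTOP-USTKSIZE)-t-data) error(Ebadexec);`, placed after `t` itself has been checked against the same limit. A short comment on the new `text` test saying that the text image starts at `UTZERO+sizeof(Exec)` and must end below the stack base `USTKTOP-USTKSIZE` would also make the subtraction easier to audit. sysexec's body starts before and continues after both hunks.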
@@ -322,7 +322,7 @@ sysexec(ulong *arg)
d = (t + data + (BY2PG-1)) & ~(BY2PG-1);
bssend = t + data + bss;
b = (bssend + (BY2PG-1)) & ~(BY2PG-1);
- if(t >= KZERO || d >= KZERO || b >= KZERO)
+ if(t >= (USTKTOP-USTKSIZE) || d >= (USTKTOP-USTKSIZE) || b >= (USTKTOP-USTKSIZE))
error(Ebadexec);
/*