authorcinap_lenrek <cinap_lenrek@felloff.net>2020-02-28 16:45:20 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2020-02-28 16:45:20 +0100
commitadb36de077c9bcd99072e86c7f84bac46a58e326 (patch)
tree2a19e2483d5284dfe64599dbd01e00fe4bbfdd42 /sys
parentff3e0eeb22816208360db3c87e501c5de7d998e3 (diff)
kernel: make sure we wont run into the tos when copying exec() arguments
in case the calling process changes its arguments under us, it could happen that the final argument string lengths become bigger than initially calculated. this is fine as we still make sure we won't overflow the stack segment, but we could overrun into the tos structure at the end of the stack. so change the limit to the base of the tos, not the end of the stack segment.
Diffstat (limited to 'sys')
-rw-r--r--sys/src/9/port/sysproc.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/src/9/port/sysproc.c b/sys/src/9/port/sysproc.c
index 075fdbd43..bfaae1d10 100644
--- a/sys/src/9/port/sysproc.c
+++ b/sys/src/9/port/sysproc.c
@@ -466,8 +466,10 @@ sysexec(va_list list)
if(indir)
e = strchr(a, 0);
else {
+ if(charp >= (char*)tos)
+ error(Ebadarg);
validaddr((uintptr)a, 1, 0);
- e = vmemchr(a, 0, (char*)tstk - charp);
+ e = vmemchr(a, 0, (char*)tos - charp);
if(e == nil)
error(Ebadarg);
}
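Review bot: The reason the copy limit in the else branch is the base of `tos` rather than the end of the stack segment is recorded only in the commit message, and without it the added `charp >= (char*)tos` guard reads as redundant. A short comment above the guard would keep the bound from being loosened again, for example `/* caller may grow its args after the sizing pass; stop at the base of tos, not tstk */`. The `indir` branch still uses an unbounded `strchr(a, 0)`; presumably those strings are kernel-held copies that cannot change, but that is not visible here and would be worth stating in the same comment. The loop and the copy that consumes `e` lie outside the hunk, so whether the copy itself honours the same limit cannot be checked from these lines.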