ref: afc2d547e18381ce2dd0f69f0e88860d49b7e54f
parent: 8cef1794d6a092e72482bcb4927fced3b7b75d2a
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Dec 29 01:11:18 EST 2013
kernel: make sure user text, data and bss wont overlap the stack segment in sysexec()
--- a/sys/src/9/port/sysproc.c
+++ b/sys/src/9/port/sysproc.c
@@ -283,7 +283,7 @@
text = l2be(exec.text);
entry = l2be(exec.entry);
if(n==sizeof(Exec) && (magic == AOUT_MAGIC)){
- if(text >= USTKTOP-UTZERO
+ if(text >= (USTKTOP-USTKSIZE)-(UTZERO+sizeof(Exec))
|| entry < UTZERO+sizeof(Exec)
|| entry >= UTZERO+sizeof(Exec)+text)
error(Ebadexec);
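Review bot: The new bound on `text` has no comment explaining why `UTZERO+sizeof(Exec)` is subtracted from the stack base, and `(USTKTOP-USTKSIZE)` is now spelled out four times across this hunk and the `t`/`d`/`b` check in the next one. A one-line comment above the condition would make the intent auditable, for example `/* text must end below the user stack segment and UTZERO+sizeof(Exec)+text must not wrap */`. Naming the stack base once, in a local or a macro, would keep the two checks from drifting apart if the stack layout changes. The enclosing function starts and ends outside the hunk, so how the non-AOUT_MAGIC path is validated cannot be seen from here.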
@@ -322,7 +322,7 @@
d = (t + data + (BY2PG-1)) & ~(BY2PG-1);
bssend = t + data + bss;
b = (bssend + (BY2PG-1)) & ~(BY2PG-1);
- if(t >= KZERO || d >= KZERO || b >= KZERO)
+ if(t >= (USTKTOP-USTKSIZE) || d >= (USTKTOP-USTKSIZE) || b >= (USTKTOP-USTKSIZE))
error(Ebadexec);
/*
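Review bot: The comparison against `USTKTOP-USTKSIZE` only looks at the final values of `t`, `d` and `b`, so a sum that wrapped while they were computed would still pass. The declarations are outside the hunk, but if these are fixed-width unsigned values and `data` and `bss` come straight from the exec header, `t + data` or `t + data + bss` can wrap to a small address that passes all three comparisons. Rejecting the wrap explicitly before the range test would close that, for example `if(t + data < t || bssend < t + data) error(Ebadexec);`. If an earlier check outside this hunk already bounds `data` and `bss`, a short comment here saying so would be enough.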
--
⑨