Source-Changes-HG archive


[src/netbsd-8]: src/sys/kern Pull up the following revisions, requested by ma...



details:   https://anonhg.NetBSD.org/src/rev/ae56ff4c2eef
branches:  netbsd-8
changeset: 453751:ae56ff4c2eef
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Aug 04 11:25:43 2019 +0000

description:
Pull up the following revisions, requested by maxv in ticket #1324:

        sys/kern/kern_exec.c    1.469-1.478 (via patch)

Fix off-by-one and info leak.

diffstat:

 sys/kern/kern_exec.c |  38 ++++++++++++++++++++++----------------
 1 files changed, 22 insertions(+), 16 deletions(-)

diffs (101 lines):

diff -r e74f287884aa -r ae56ff4c2eef sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c      Sun Aug 04 11:19:03 2019 +0000
+++ b/sys/kern/kern_exec.c      Sun Aug 04 11:25:43 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_exec.c,v 1.442.4.4 2018/11/21 11:58:32 martin Exp $       */
+/*     $NetBSD: kern_exec.c,v 1.442.4.5 2019/08/04 11:25:43 martin Exp $       */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.4 2018/11/21 11:58:32 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.5 2019/08/04 11:25:43 martin Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -541,6 +541,12 @@
            SCARG(uap, envp), execve_fetch_element);
 }
 
+/*
+ * Copy the user or kernel supplied upath to the allocated pathbuffer pbp
+ * making it absolute in the process, by prepending the current working
+ * directory if it is not. If offs is supplied it will contain the offset
+ * where the original supplied copy of upath starts.
+ */
 int
 sys_fexecve(struct lwp *l, const struct sys_fexecve_args *uap,
     register_t *retval)
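Review bot: The comment added above `sys_fexecve` does not describe that function: it speaks of `upath`, `pbp` and `offs`, none of which appear in the signature `sys_fexecve(struct lwp *l, const struct sys_fexecve_args *uap, register_t *retval)`. It reads like the header for the path-building routine patched in the @@ -610, @@ -622 and @@ -634 hunks, so it probably landed one definition too early in the pull-up and should move down to that function. The phrase "If offs is supplied" also implies `offs` may be NULL, while those hunks write `*offs = 0;` and `*offs = tlen - len;` unconditionally; the comment should say that `offs` is required, or the writes should be guarded. The body of sys_fexecve lies outside the hunk.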
@@ -610,11 +616,8 @@
 
        path = PNBUF_GET();
        error = copyinstr(upath, path, MAXPATHLEN, &len);
-       if (error) {
-               PNBUF_PUT(path);
-               DPRINTF(("%s: copyin path @%p %d\n", __func__, upath, error));
-               return error;
-       }
+       if (error)
+               goto err;
 
        if (path[0] == '/') {
                *offs = 0;
@@ -622,8 +625,10 @@
        }
 
        len++;
-       if (len + 1 >= MAXPATHLEN)
-               goto out;
+       if (len + 1 >= MAXPATHLEN) {
+               error = ENAMETOOLONG;
+               goto err;
+       }
        bp = path + MAXPATHLEN - len;
        memmove(bp, path, len);
        *(--bp) = '/';
@@ -634,19 +639,19 @@
            GETCWD_CHECK_ACCESS, l);
        rw_exit(&cwdi->cwdi_lock);
 
-       if (error) {
-               DPRINTF(("%s: getcwd_common path %s %d\n", __func__, path,
-                   error));
-               goto out;
-       }
+       if (error)
+               goto err;
        tlen = path + MAXPATHLEN - bp;
 
        memmove(path, bp, tlen);
-       path[tlen] = '\0';
+       path[tlen - 1] = '\0';
        *offs = tlen - len;
 out:
        *pbp = pathbuf_assimilate(path);
        return 0;
+err:
+       PNBUF_PUT(path);
+       return error;
 }
 
 vaddr_t
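Review bot: The corrected terminator write `path[tlen - 1] = '\0';` has no comment recording why `tlen - 1` is the right index, which makes the off-by-one easy to reintroduce. From the visible lines, `tlen = path + MAXPATHLEN - bp` counts every byte up to the end of the buffer and `memmove(path, bp, tlen)` moves exactly that many, so `path[tlen]` can be one past the buffer when `bp == path`; a one-line comment such as `/* tlen includes the final byte of the buffer; the last byte moved is path[tlen - 1] */` would pin that down. Separately, the new `err:` path returns without writing `*offs`, and the @@ -672 hunk drops the caller's `offs = 0` initialiser, so the contract "offs is valid only when this returns 0" should be stated in the function's header comment. The start of the function and the caller's use of `offs` are outside the hunks, so whether any path reads `offs` after a failure cannot be checked from here.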
@@ -672,7 +677,7 @@
        struct proc             *p;
        char                    *dp;
        u_int                   modgen;
-       size_t                  offs = 0;       // XXX: GCC
+       size_t                  offs;
 
        KASSERT(data != NULL);
 
@@ -2088,6 +2093,7 @@
        /* handle posix_spawnattr */
        if (spawn_data->sed_attrs != NULL) {
                struct sigaction sigact;
+               memset(&sigact, 0, sizeof(sigact));
                sigact._sa_u._sa_handler = SIG_DFL;
                sigact.sa_flags = 0;
 
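Review bot: The added `memset(&sigact, 0, sizeof(sigact));` has no comment explaining why it is needed, and the now-redundant `sigact.sa_flags = 0;` two lines below makes it look like removable duplication. This is presumably the info-leak half of the commit description, so a short comment such as `/* zero the whole struct, padding and unused union bytes included, before it is passed on */` would keep a later cleanup from swapping it for field-by-field assignment or `= {0}`, neither of which is guaranteed to clear padding. Where `sigact` is consumed lies outside the hunk, so the exact leak path cannot be confirmed from the lines shown.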


