Date:      Mon, 30 Jan 2006 12:17:29 +0000 (UTC)
From:      Ariff Abdullah <ariff@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern kern_environment.c
Message-ID:  <200601301217.k0UCHTvt085004@repoman.freebsd.org>

ariff       2006-01-30 12:17:29 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    sys/kern             kern_environment.c 
  Log:
  MFC:
  
  Add bounds checking to the setenv part of the kernel environment.
  
  This has no security implications since only root is allowed to use
  kenv(1) (and corrupt the kernel memory after adding too many variables
  previous to this commit).
  
  This is based upon the PR [1] mentioned below, but extended to check both
  bounds (in case of an overflow of the counting variable) and to comply
  with the style of the function. An overflow of the counting variable
  shouldn't happen after adding the check for the upper bound, but better
  safe than sorry (in case some other function in the kernel overwrites
  random memory).
  
  An interested soul may want to add a printf to notify root in case the
  bounds are hit.
  
  Also allocate KENV_SIZE+1 entries (the array is NULL-terminated), since
  the comment for KENV_SIZE says it's the maximum number of environment
  strings. [2]
  
  Reorder statements to avoid accessing unknown memory.
  In theory, invoking kenv with a very long string can panic the
  kernel.
  
  PR:             83687 [1]
  Submitted by:   Harry Coin <harrycoin@qconline.com> [1]
  
  Revision  Changes    Path
  1.34.2.3  +10 -3     src/sys/kern/kern_environment.c
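
The pattern the log describes, as an added user-space example that is not the FreeBSD kernel code or the committed change: a NULL-terminated table sized KENV_SIZE+1, with the index checked against both bounds before anything is written. The names `env_table`, `model_setenv` and `model_count`, and the small KENV_SIZE value, are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KENV_SIZE 4   /* assumed tiny value so the limit is easy to reach */

/* KENV_SIZE strings plus one slot for the terminating NULL. */
static char *env_table[KENV_SIZE + 1];

/* Set name=value. Returns 0 on success, -1 if the table is full. */
int model_setenv(const char *name, const char *value)
{
    size_t nlen = strlen(name);
    size_t len = nlen + strlen(value) + 2;   /* '=' and trailing NUL */
    char *buf = malloc(len);
    int i;

    if (buf == NULL)
        return -1;
    snprintf(buf, len, "%s=%s", name, value);

    /* Test the index before dereferencing, so the scan never leaves the array. */
    for (i = 0; i < KENV_SIZE && env_table[i] != NULL; i++) {
        if (strncmp(env_table[i], name, nlen) == 0 && env_table[i][nlen] == '=') {
            free(env_table[i]);              /* replace an existing variable */
            env_table[i] = buf;
            return 0;
        }
    }
    /* Both bounds: slot i and the terminator at i + 1 must be inside the table. */
    if (i < 0 || i >= KENV_SIZE) {
        free(buf);
        return -1;
    }
    env_table[i] = buf;
    env_table[i + 1] = NULL;
    return 0;
}

/* Number of strings currently stored (never counts past KENV_SIZE). */
int model_count(void)
{
    int n = 0;
    while (n < KENV_SIZE && env_table[n] != NULL)
        n++;
    return n;
}
```

Without the check, the fifth insertion here would write `env_table[4]` and then the terminator at `env_table[5]`, one element past the allocation.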


