Permalink
Browse files

kern: fix integer underflow in exec_shell_imgact.

was returning E2BIG whenever argv[0] is longer interp+path.
see also FreeBSD PR 155321.
  • Loading branch information...
1 parent 060fb3f commit e7ec10384dcffddd72312c27e8dd669164b4e71f @minux minux committed with fupjack Mar 1, 2014
Showing with 1 addition and 1 deletion.
  1. +1 −1 sys/kern/imgact_shell.c
View
2 sys/kern/imgact_shell.c
@@ -117,7 +117,7 @@ exec_shell_imgact(struct image_params *imgp)
offset += strlen(imgp->args->fname) + 1; /* add fname */
length = strlen(imgp->args->begin_argv) + 1; /* bytes to delete */
- if (offset - length > imgp->args->space)
+ if (offset > imgp->args->space + length)
return (E2BIG);
bcopy(imgp->args->begin_argv + length, imgp->args->begin_argv + offset,

0 comments on commit e7ec103

Please sign in to comment.