Index: sys/compat/linprocfs/linprocfs.c =================================================================== RCS file: /home/ncvs/src/sys/compat/linprocfs/linprocfs.c,v retrieving revision 1.84 diff -u -r1.84 linprocfs.c --- sys/compat/linprocfs/linprocfs.c 16 Aug 2004 08:19:18 -0000 1.84 +++ sys/compat/linprocfs/linprocfs.c 27 Nov 2004 12:28:00 -0000 @@ -769,6 +769,7 @@ linprocfs_doproccmdline(PFS_FILL_ARGS) { struct ps_strings pstr; + char **ps_argvstr; int error, i; /* @@ -794,10 +795,21 @@ sizeof(pstr)); if (error) return (error); + if (pstr.ps_nargvstr > ARG_MAX) + return (E2BIG); + ps_argvstr = malloc(pstr.ps_nargvstr * sizeof(char *), + M_TEMP, M_WAITOK); + error = copyin((void *)pstr.ps_argvstr, ps_argvstr, + pstr.ps_nargvstr * sizeof(char *)); + if (error) { + free(ps_argvstr, M_TEMP); + return (error); + } for (i = 0; i < pstr.ps_nargvstr; i++) { - sbuf_copyin(sb, pstr.ps_argvstr[i], 0); + sbuf_copyin(sb, ps_argvstr[i], 0); sbuf_printf(sb, "%c", '\0'); } + free(ps_argvstr, M_TEMP); } return (0); Index: sys/fs/procfs/procfs_status.c =================================================================== RCS file: /home/ncvs/src/sys/fs/procfs/procfs_status.c,v retrieving revision 1.53 diff -u -r1.53 procfs_status.c --- sys/fs/procfs/procfs_status.c 5 Oct 2004 18:51:10 -0000 1.53 +++ sys/fs/procfs/procfs_status.c 27 Nov 2004 12:28:00 -0000 @@ -173,6 +173,7 @@ procfs_doproccmdline(PFS_FILL_ARGS) { struct ps_strings pstr; + char **ps_argvstr; int error, i; /* @@ -199,10 +200,21 @@ sizeof(pstr)); if (error) return (error); + if (pstr.ps_nargvstr > ARG_MAX) + return (E2BIG); + ps_argvstr = malloc(pstr.ps_nargvstr * sizeof(char *), + M_TEMP, M_WAITOK); + error = copyin((void *)pstr.ps_argvstr, ps_argvstr, + pstr.ps_nargvstr * sizeof(char *)); + if (error) { + free(ps_argvstr, M_TEMP); + return (error); + } for (i = 0; i < pstr.ps_nargvstr; i++) { - sbuf_copyin(sb, pstr.ps_argvstr[i], 0); + sbuf_copyin(sb, ps_argvstr[i], 0); sbuf_printf(sb, "%c", '\0'); } + free(ps_argvstr, M_TEMP); } return (0);