From de62a587e27d71bef3cce57cf5580a7589a565cd Mon Sep 17 00:00:00 2001 From: deraadt Date: Sat, 11 Apr 2026 16:12:40 +0000 Subject: [PATCH] A binary without a PT_LOAD exec segment would later read a pinsyscall table and damage it strangely. Such a binary cannot actually run, but we should avoid the internal pinsyscall table damage, and fail the execve with EINVAL. reported by Stuart Thomas ok guenther --- sys/kern/exec_elf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c index f9621ab3851..abbd01ff10e 100644 --- a/sys/kern/exec_elf.c +++ b/sys/kern/exec_elf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_elf.c,v 1.195 2026/02/09 21:58:27 deraadt Exp $ */ +/* $OpenBSD: exec_elf.c,v 1.196 2026/04/11 16:12:40 deraadt Exp $ */ /* * Copyright (c) 1996 Per Fogelstrom @@ -551,7 +551,7 @@ elf_load_file(struct proc *p, char *path, struct exec_package *epp, } } - if (syscall_ph) { + if (syscall_ph && text_start != -1) { struct process *pr = p->p_p; vaddr_t base = pos; size_t len = text_end; @@ -569,7 +569,7 @@ elf_load_file(struct proc *p, char *path, struct exec_package *epp, pr->ps_pin.pn_npins = npins; } } else { - error = EINVAL; /* no pin table */ + error = EINVAL; /* nothing executable or no pin table */ goto bad1; }