Add missing boot.4th verification

During initialization of the forth interpreter the loader looks for "/boot/boot.4th" and executes any code found there. That file was loaded bypassing verification. Add a call to verify_file to change that. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: sjg Obtained from: Semihalf Sponsored by: Stormshield
2026-05-28 04:12:45 -04:00 · 2019-03-19 02:45:32 +00:00 · 2019-03-19 02:45:32 +00:00 · c42e554dc9
commit c42e554dc9
parent 3caad0b8f4
1 changed files with 6 additions and 0 deletions
--- a/stand/common/interp_forth.c
+++ b/stand/common/interp_forth.c
@ -283,6 +283,12 @@ bf_init(void)

 	/* try to load and run init file if present */
 	if ((fd = open("/boot/boot.4th", O_RDONLY)) != -1) {
+#ifdef LOADER_VERIEXEC
+		if (verify_file(fd, "/boot/boot.4th", 0, VE_GUESS) < 0) {
+			close(fd);
+			return;
+		}
+#endif
 		(void)ficlExecFD(bf_vm, fd);
 		close(fd);
 	}