diff options
| author | Colin Percival <cperciva@FreeBSD.org> | 2005-05-06 02:40:32 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2005-05-06 02:40:32 +0000 |
| commit | c7be66d1904c2bc85c73040d0b98529bd9ad5a92 (patch) | |
| tree | 5f042d43c9dd5dc130c67d1a2ac4af8379545dc9 | |
| parent | e0b13f513277ce4d0fe927cfc88835670f24a08e (diff) | |
Notes
| -rw-r--r-- | UPDATING | 3 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
| -rw-r--r-- | sys/i386/i386/sys_machdep.c | 9 |
3 files changed, 8 insertions, 6 deletions
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20050506: p6 FreeBSD-SA-05:07.ldt + Correctly validate inputs to the i386_get_ldt syscall. + 20050506: p5 FreeBSD-SA-05:06.iir Correct overly liberal permissions on /dev/iir. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 7b080f1cbf5f..40c0bbd17870 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.11" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/i386/i386/sys_machdep.c b/sys/i386/i386/sys_machdep.c index f87e333cbf88..a9dcf48254a3 100644 --- a/sys/i386/i386/sys_machdep.c +++ b/sys/i386/i386/sys_machdep.c @@ -342,10 +342,6 @@ i386_get_ldt(p, args) uap->start, uap->num, (void *)uap->descs); #endif - /* verify range of LDTs exist */ - if ((uap->start < 0) || (uap->num <= 0)) - return(EINVAL); - s = splhigh(); if (pcb_ldt) { @@ -357,7 +353,10 @@ i386_get_ldt(p, args) num = min(uap->num, nldt); lp = &ldt[uap->start]; } - if (uap->start + num > nldt) { + + if ((uap->start > (unsigned int)nldt) || + ((unsigned int)num > (unsigned int)nldt) || + ((unsigned int)(uap->start + num) > (unsigned int)nldt)) { splx(s); return(EINVAL); } |