diff options
author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-08-10 23:23:57 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-08-10 23:23:57 +0000 |
commit | 408da93b82d9488bf73f5c1d1f34133608b1c724 (patch) | |
tree | 6b92069354e882a5c6dd746f828cac6f6513988b | |
parent | ca0731ec8f75ba7106ee3af21129434c593f40e2 (diff) | |
download | src-408da93b82d9488bf73f5c1d1f34133608b1c724.tar.gz src-408da93b82d9488bf73f5c1d1f34133608b1c724.zip |
MFC sys_process.c 1.113, spigot.c 1.60:
Add or correct range checking of signal numbers in system calls and
ioctls.
Notes
Notes:
svn path=/releng/4.3/; revision=118753
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/i386/isa/spigot.c | 2 | ||||
-rw-r--r-- | sys/kern/sys_process.c | 3 |
4 files changed, 8 insertions, 2 deletions
@@ -16,6 +16,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20030810: p34 FreeBSD-SA-03:09.signal + Repair range-checking errors in signal handling. + 20030804: p33 FreeBSD-SA-03:08.realpath Correct a single byte buffer overflow in realpath(3). diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index aaabe7ce885f..8e3d4d749a1a 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.3" -BRANCH="RELEASE-p33" +BRANCH="RELEASE-p34" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c index cdb05b72d54a..5f78c9af4344 100644 --- a/sys/i386/isa/spigot.c +++ b/sys/i386/isa/spigot.c @@ -221,6 +221,8 @@ struct spigot_info *info; if(!data) return(EINVAL); switch(cmd){ case SPIGOT_SETINT: + if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG) + return (EINVAL); ss->p = p; ss->signal_num = *((int *)data); break; diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 482663c793d8..402970da9ba8 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -334,7 +334,8 @@ ptrace(curp, uap) case PT_STEP: case PT_CONTINUE: case PT_DETACH: - if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG)) + /* Zero means do not send any signal */ + if (data < 0 || data > _SIG_MAXSIG) return EINVAL; PHOLD(p); |