authorJacques Vidrine <nectar@FreeBSD.org>2002-08-13 12:13:50 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-08-13 12:13:50 +0000
commitf7c0f48d86ab8880eb640a2aaf7c5df8e8f8a8cf (patch)
treead612a158106b82bc0692e80c39653eb1f75654f
parent9d2fd60b1ef761b27fa6c23ce36396ebf720fd5c (diff)
MFC of uipc_syscalls.c:1.123,1.124 and vesa.c:1.37.
Submitted by: Silvio Cesare <silvio@qualys.com> (1.123, 1.37)
Notes
Notes: svn path=/releng/4.5/; revision=101797
-rw-r--r--UPDATING4
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/i386/isa/vesa.c4
-rw-r--r--sys/kern/uipc_syscalls.c10
4 files changed, 18 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index ce41f93c2305..b288f21085d6 100644
--- a/UPDATING
+++ b/UPDATING
@@ -18,6 +18,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020813: p19
+ Bounds checking errors in accept(), getsockname(),
+ getpeername(), and a VESA ioctl() command were corrected.
+
20020805: p18 FreeBSD-SA-02:33.openssl
Correct a bug in the ASN.1 decoder which was introduced with
the recent OpenSSL update.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 617e7c130aef..743009d19635 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.5"
-BRANCH="RELEASE-p18"
+BRANCH="RELEASE-p19"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/i386/isa/vesa.c b/sys/i386/isa/vesa.c
index 3fc68afb0651..630501c0526a 100644
--- a/sys/i386/isa/vesa.c
+++ b/sys/i386/isa/vesa.c
@@ -1317,7 +1317,9 @@ get_palette(video_adapter_t *adp, int base, int count,
int bits;
int error;
- if ((base < 0) || (base >= 256) || (base + count > 256))
+ if ((base < 0) || (base >= 256) || (count < 0) || (count > 256))
+ return 1;
+ if (base + count > 256)
return 1;
if (!(vesa_adp_info->v_flags & V_DAC8) || !VESA_MODE(adp->va_mode))
return 1;
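Review bot: The split range test in get_palette does not say why `count` is bounded before the sum. A negative `count` made the old `base + count > 256` test pass, and a very large one could overflow the signed addition; both are now rejected first. A comment above the first test, e.g. `/* bound count on its own first: a negative or huge count must never reach base + count */`, would keep a later cleanup from merging the two tests back together. The literal 256 now appears four times, so a named constant for the palette size would help. Only get_palette is touched here and its body starts and ends outside the hunk; any other palette routine in vesa.c that takes base/count from the same ioctl path (not visible on this page) should be checked for the old pattern.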
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 4b8735fd6671..3c652b9725a1 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -206,6 +206,8 @@ accept1(p, uap, compat)
sizeof (namelen));
if(error)
return (error);
+ if (namelen < 0)
+ return (EINVAL);
}
error = holdsock(fdp, uap->s, &lfp);
if (error)
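Review bot: The new `if (namelen < 0)` guard in accept1 rejects a negative user-supplied length, but nothing at the check records why a negative value matters. The same guard is repeated by hand for `len` in the getsockname1 and getpeername1 hunks below. The later use of the length is not visible here; presumably it is compared against the socket address length and then passed to copyout() as a size, where a negative int would turn into a very large count. I would add a comment at each of the three sites, e.g. `/* length comes from userland; a negative value must not reach the later size comparison and copyout() */`, and consider holding the length in an unsigned type so a future caller cannot forget the check. accept1's body starts and ends outside the hunk.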
@@ -1193,6 +1195,10 @@ getsockname1(p, uap, compat)
fdrop(fp, p);
return (error);
}
+ if (len < 0) {
+ fdrop(fp, p);
+ return (EINVAL);
+ }
so = (struct socket *)fp->f_data;
sa = 0;
error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, &sa);
@@ -1272,6 +1278,10 @@ getpeername1(p, uap, compat)
fdrop(fp, p);
return (error);
}
+ if (len < 0) {
+ fdrop(fp, p);
+ return (EINVAL);
+ }
sa = 0;
error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, &sa);
if (error)