Date:      Wed, 26 Oct 2016 16:25:50 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Tijl Coosemans <tijl@FreeBSD.org>
Cc:        Gleb Smirnoff <glebius@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r307936 - head/sys/amd64/amd64
Message-ID:  <20161026132550.GV54029@kib.kiev.ua>
In-Reply-To: <20161025212600.36e91455@kalimero.tijl.coosemans.org>
References:  <201610251713.u9PHDkq2076226@repo.freebsd.org> <20161025212600.36e91455@kalimero.tijl.coosemans.org>

On Tue, Oct 25, 2016 at 09:26:00PM +0200, Tijl Coosemans wrote:
> On Tue, 25 Oct 2016 17:13:46 +0000 (UTC) Gleb Smirnoff <glebius@FreeBSD.org> wrote:
> > Author: glebius
> > Date: Tue Oct 25 17:13:46 2016
> > New Revision: 307936
> > URL: https://svnweb.freebsd.org/changeset/base/307936
> > 
> > Log:
> >   The argument validation in r296956 was not enough to close all possible
> >   overflows in sysarch(2).
> >   
> >   Submitted by:	Kun Yang <kun.yang chaitin.com>
> >   Patch by:	kib
> >   Security:	SA-16:15
> > 
> > Modified:
> >   head/sys/amd64/amd64/sys_machdep.c
> 
> This patch and r296956 need to be applied to i386 too, don't they?
I do not think so.  The amd64 bug is that I thought that the overflow
checks were not needed, which appeared to be not true.

i386_set_ldt(), which is the i386 version of amd64_set_ldt(), already
contained the comparisons of largest_ld with pldt->ldt_len etc.

Still, an independent look at the i386 (and amd64 version as well) is more
than welcome, so please read the code yourself.
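
Added example, not part of the thread and not FreeBSD's code: a simplified start/count range check against a table length, showing how a check on the computed end index alone misses a wrapped sum, next to an overflow-safe form. Only the names largest_ld and ldt_len come from the message; the struct layout, function names and table size are hypothetical.

```c
#include <errno.h>
#include <stdint.h>

#define LDT_SLOTS 16u                 /* constructed table size */

struct ldt_table {                    /* hypothetical stand-in for a per-process LDT */
    unsigned int ldt_len;             /* number of valid slots in ldt_base */
    uint64_t ldt_base[LDT_SLOTS];
};

/* Incomplete validation: only the computed end index is compared with the
 * table length, so a start/num pair whose sum wraps past UINT_MAX passes. */
int range_ok_weak(const struct ldt_table *t, unsigned int start, unsigned int num)
{
    unsigned int largest_ld = start + num;      /* unsigned wrap is possible */
    return largest_ld <= t->ldt_len;
}

/* Overflow-safe validation: never forms start + num, and compares num with
 * the room left after start instead. Empty requests are rejected here. */
int range_ok_strict(const struct ldt_table *t, unsigned int start, unsigned int num)
{
    if (num == 0 || start >= t->ldt_len)
        return 0;
    return num <= t->ldt_len - start;           /* no underflow: start < ldt_len */
}

/* Copy num descriptors into the table only after the strict check passes. */
int ldt_store(struct ldt_table *t, unsigned int start, unsigned int num,
              const uint64_t *descs)
{
    if (!range_ok_strict(t, start, num))
        return EINVAL;
    for (unsigned int i = 0; i < num; i++)
        t->ldt_base[start + i] = descs[i];
    return 0;
}
```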


