Date: Wed, 23 Mar 2005 08:27:59 +0000 (UTC) From: David Schultz <das@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/amd64/linux32 linux32_sysvec.c src/sys/sys exec.h Message-ID: <200503230827.j2N8Rxcp021896@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
das 2005-03-23 08:27:59 UTC
FreeBSD src repository
Modified files:
sys/amd64/linux32 linux32_sysvec.c
sys/sys exec.h
Log:
Make ps_nargvstr and ps_nenvstr unsigned. This fixes an input
validation error in procfs/linprocfs that can be exploited by local
users to cause a kernel panic. All versions of FreeBSD with the patch
referenced in SA-04:17.procfs have this bug, but versions without that
patch have a more serious bug instead. This problem only affects
systems on which procfs or linprocfs is mounted.
Found by: Coverity Prevent analysis tool
Security: Local DOS
Revision Changes Path
1.7 +2 -2 src/sys/amd64/linux32/linux32_sysvec.c
1.32 +2 -2 src/sys/sys/exec.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503230827.j2N8Rxcp021896>