From: "Bjoern A. Zeeb"
Date: Mon, 23 Nov 2009 11:52:20 +0000 (UTC)
To: cvs-src-old@freebsd.org
Subject: cvs commit: src/sys/compat/pecoff imgact_pecoff.c
Message-Id: <200911231152.nANBqe4x072237@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: RELENG_6

bz          2009-11-23 11:52:20 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/compat/pecoff    imgact_pecoff.c
  Log:
  SVN rev 199712 on 2009-11-23 11:52:20Z by bz

  MF7 r199330:

    Note: this change was never in head; thus directly merged from stable/7.

    As we pass the 'offset' unvalidated to vn_rdwr() make sure that it
    is unsigned rather than possibly set to something negative by a
    malicious binary.

    This is just the immediate fix to the problem mentioned in PR kern/80742
    and by http://milw0rm.com/exploits/9206 but does not fix all possible
    problems imgact_pecoff has.

    As this feature does not work and is not compiled in by default, the
    security team considers this vulnerability to be of low risk to the
    user population and will not be issuing an advisory.

    PR:             kern/80742
    Reported by:    Oliver Pinter (oliver.pntr gmail.com) via freebsd-security
    Help reproducing and testing by: Damian Weber (dweber htw-saarland.de)

  Revision  Changes    Path
  1.39.2.1  +3 -3      src/sys/compat/pecoff/imgact_pecoff.c
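
The signed-offset problem described in the commit message above, shown as an added user-space example (not FreeBSD kernel code and not part of this commit). The function names and the 64-byte image are hypothetical and constructed; the range check against the file size goes beyond the type change the commit describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an executable image on disk (not a real PE file). */
static const unsigned char image[64] = "constructed-image-bytes";

/* Signed offset, upper bound only: a negative offset from the file's
 * header passes the check and would reach the read routine as-is. */
static int naive_accepts(long offset, long len, long file_size)
{
    return offset + len <= file_size;
}

/* Unsigned offset and length with an overflow-safe comparison: the same
 * header bits now read as a huge value and fall outside the file. */
static int range_ok(size_t offset, size_t len, size_t file_size)
{
    return offset <= file_size && len <= file_size - offset;
}

/* Copy len bytes at offset out of the image only if the range is valid. */
static int read_at(void *dst, size_t offset, size_t len)
{
    if (!range_ok(offset, len, sizeof(image)))
        return -1;
    memcpy(dst, image + offset, len);
    return 0;
}

int main(void)
{
    unsigned char buf[8];

    /* Constructed header value: 0xFFFFFFF0 is -16 as a 32-bit signed integer. */
    printf("naive, offset -16:          %d\n", naive_accepts(-16, 8, 64));
    printf("checked, offset 0xFFFFFFF0: %d\n", range_ok(0xFFFFFFF0u, 8, 64));
    printf("read_at(0, 8):              %d\n", read_at(buf, 0, 8));
    printf("read_at(0xFFFFFFF0, 8):     %d\n", read_at(buf, 0xFFFFFFF0u, 8));
    return 0;
}
```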