Date:      Wed, 22 Sep 2004 21:08:00 +0200
From:      gerarra@tin.it
To:        freebsd-hackers@freebsd.org
Cc:        truckman@freebsd.org
Subject:   freebsd kernel buffer overflow patch
Message-ID:  <4146316C00012CA0@ims3a.cp.tin.it>

Hi,
I've seen a potential problem in my patch; SYF_MPSAFE flag for MP safe syscalls
is not managed; maybe something like that is better:

===================================
kern/kern_syscalls.c:

--- kern_syscalls.c     Sat Sep 18 13:42:21 2004
+++ kern_syscalls2.c    Wed Sep 22 20:25:22 2004
@@ -35,6 +35,7 @@
 #include <sys/mutex.h>
 #include <sys/sx.h>
 #include <sys/module.h>
+#include <systm.h>

 /*
  * Acts like "nosys" but can be identified in sysent for dynamic call
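Review bot: The added `#include <systm.h>` lacks the `sys/` prefix that every other include in this hunk uses, and the kernel header that declares `printf()` is normally `<sys/systm.h>`, so this line will probably not resolve in a kernel build. Write it as `#include <sys/systm.h>` and keep it in the file's existing ordering of `sys/` headers. The includes above line 35 are not visible here; if the header is already included there, this line can simply be dropped.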
@@ -58,6 +59,17 @@
 syscall_register(int *offset, struct sysent *new_sysent,
                 struct sysent *old_sysent)
 {
+#ifdef MAX_SYSCALL_ARGS
+       if (    (new_sysent->sy_narg & ~SYF_MPSAFE) < 0 ||
+               (new_sysent->sy_narg & ~SYF_MPSAFE) > MAX_SYSCALL_ARGS)
+       {
+               printf("Invalid sy_narg for syscall: boundary is [0 - %d]=
\n",
+                       MAX_SYSCALL_ARGS);
+               return EINVAL;
+       }
+#endif
+
+
        if (*offset =3D=3D NO_SYSCALL) {
                int i;
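Review bot: The `sy_narg` bounds check is wrapped in `#ifdef MAX_SYSCALL_ARGS`, so if the header defining that macro is not included in this file the check silently compiles away and `syscall_register()` accepts any argument count again; nothing in the visible hunks defines the macro. Since this is presumably the guard the overflow fix depends on, make it unconditional, or add an `#else` branch with `#error MAX_SYSCALL_ARGS is not defined` so a misconfigured build fails rather than shipping without the check. The masked value is also computed twice; `int narg = new_sysent->sy_narg & ~SYF_MPSAFE;` followed by `if (narg < 0 || narg > MAX_SYSCALL_ARGS)` is easier to audit. The check covers only entries installed through this function, and the function body continues past the end of the hunk.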

complete diffs tree to http://www.gufi.org/~rookie/args-diff.tar.gz

rookie



