From owner-cvs-all@FreeBSD.ORG  Sat Oct 11 21:25:27 2003
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4F32416A4B3; Sat, 11 Oct 2003 21:25:27 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id CBAF443F75; Sat, 11 Oct 2003 21:25:26 -0700 (PDT)
	(envelope-from tjr@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h9C4PQXJ076177;
	Sat, 11 Oct 2003 21:25:26 -0700 (PDT)
	(envelope-from tjr@repoman.freebsd.org)
Received: (from tjr@localhost)
	by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h9C4PQAK076176;
	Sat, 11 Oct 2003 21:25:26 -0700 (PDT)
	(envelope-from tjr)
Message-Id: <200310120425.h9C4PQAK076176@repoman.freebsd.org>
From: "Tim J. Robbins" <tjr@FreeBSD.org>
Date: Sat, 11 Oct 2003 21:25:26 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/i386/ibcs2 ibcs2_misc.c ibcs2_signal.c
 ibcs2_socksys.c ibcs2_util.c ibcs2_util.h imgact_coff.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Oct 2003 04:25:27 -0000

tjr         2003/10/11 21:25:26 PDT

  FreeBSD src repository

  Modified files:
    sys/i386/ibcs2       ibcs2_misc.c ibcs2_signal.c 
                         ibcs2_socksys.c ibcs2_util.c ibcs2_util.h 
                         imgact_coff.c 
  Log:
  Fix a multitude of security bugs in the iBCS2 emulator:
  - Return NULL instead of returning memory outside of the stackgap
    in stackgap_alloc() (FreeBSD-SA-00:42.linux)
  - Check for stackgap_alloc() returning NULL in ibcs2_emul_find();
    other calls to stackgap_alloc() have not been changed since they
    are small fixed-size allocations.
  - Replace use of strcpy() with strlcpy() in exec_coff_imgact()
    to avoid buffer overflow
  - Use strlcat() instead of strcat() to avoid a one byte buffer
    overflow in ibcs2_setipdomainname()
  - Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
    to ensure that the string is null-terminated
  - Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
    by checking that gidsetsize argument is non-negative and
    no larger than NGROUPS_MAX.
  - Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
    ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
    the end (or before the start)
  
  Revision  Changes    Path
  1.52      +21 -3     src/sys/i386/ibcs2/ibcs2_misc.c
  1.32      +7 -2      src/sys/i386/ibcs2/ibcs2_signal.c
  1.19      +5 -3      src/sys/i386/ibcs2/ibcs2_socksys.c
  1.17      +4 -2      src/sys/i386/ibcs2/ibcs2_util.c
  1.17      +4 -1      src/sys/i386/ibcs2/ibcs2_util.h
  1.61      +1 -1      src/sys/i386/ibcs2/imgact_coff.c