From: "Pedro F. Giffuni"
Date: Thu, 3 Jul 2014 19:07:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r268230 - head/sys/cddl/contrib/opensolaris/uts/common/dtrace

Author: pfg
Date: Thu Jul 3 19:07:37 2014
New Revision: 268230
URL: http://svnweb.freebsd.org/changeset/base/268230

Log:
  Merge from OpenSolaris (22-Apr-2008):

  6823388 DTrace ioctl handlers must validate all structure members

  MFC after: 1 week

Modified:
  head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
  head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c

Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Thu Jul 3 18:24:28 2014 (r268229) +++ head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Thu Jul 3 19:07:37 2014 (r268230) 
@@ -12908,7 +12908,8 @@ dtrace_dof_copyin(uintptr_t uarg, int *e dof = kmem_alloc(hdr.dofh_loadsz, KM_SLEEP); - if (copyin((void *)uarg, dof, hdr.dofh_loadsz) != 0) { + if (copyin((void *)uarg, dof, hdr.dofh_loadsz) != 0 || + dof->dofh_loadsz != hdr.dofh_loadsz) { kmem_free(dof, hdr.dofh_loadsz); *errp = EFAULT; return (NULL); Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c Thu Jul 3 18:24:28 2014 (r268229) +++ head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c Thu Jul 3 19:07:37 2014 (r268230) @@ -2277,7 +2277,8 @@ fasttrap_ioctl(struct cdev *dev, u_long probe = kmem_alloc(size, KM_SLEEP); - if (copyin(uprobe, probe, size) != 0) { + if (copyin(uprobe, probe, size) != 0 || + probe->ftps_noffs != noffs) { kmem_free(probe, size); return (EFAULT); }
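Review bot: In the dtrace_dof_copyin hunk, the new `dof->dofh_loadsz != hdr.dofh_loadsz` test carries no comment explaining why a field that was just copied is compared against hdr. The buffer is allocated from hdr.dofh_loadsz and then filled by a fresh read of user memory at uarg, so the size stored in dof can differ from the one that sized the allocation if the caller rewrites it between the two reads; a one-line comment saying so would keep the check from being dropped later as redundant. Only dofh_loadsz is re-compared, so any other hdr field that was checked before this point needs the same comparison against the copy in dof before later code trusts it.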
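Review bot: In the fasttrap_ioctl hunk, a changed `probe->ftps_noffs` is folded into the copyin failure branch and returns EFAULT, so the caller cannot tell an unreadable uprobe from a count that changed between reads. Consider splitting the mismatch into its own branch that frees probe and returns EINVAL, or add a comment stating that EFAULT is deliberate for both cases. If size was derived from noffs earlier in the function, a short comment tying this check to that computation would make clear that it protects every later use of ftps_noffs as an index bound.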