From owner-cvs-src@FreeBSD.ORG  Wed Mar 23 08:28:00 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3431216A4CE; Wed, 23 Mar 2005 08:28:00 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1B27843D2D; Wed, 23 Mar 2005 08:28:00 +0000 (GMT)
	(envelope-from das@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j2N8Rxr2021897;
	Wed, 23 Mar 2005 08:27:59 GMT
	(envelope-from das@repoman.freebsd.org)
Received: (from das@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j2N8Rxcp021896;
	Wed, 23 Mar 2005 08:27:59 GMT
	(envelope-from das)
Message-Id: <200503230827.j2N8Rxcp021896@repoman.freebsd.org>
From: David Schultz <das@FreeBSD.org>
Date: Wed, 23 Mar 2005 08:27:59 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/amd64/linux32 linux32_sysvec.c src/sys/sys
 exec.h
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2005 08:28:00 -0000

das         2005-03-23 08:27:59 UTC

  FreeBSD src repository

  Modified files:
    sys/amd64/linux32    linux32_sysvec.c 
    sys/sys              exec.h 
  Log:
  Make ps_nargvstr and ps_nenvstr unsigned.  This fixes an input
  validation error in procfs/linprocfs that can be exploited by local
  users to cause a kernel panic.  All versions of FreeBSD with the patch
  referenced in SA-04:17.procfs have this bug, but versions without that
  patch have a more serious bug instead.  This problem only affects
  systems on which procfs or linprocfs is mounted.
  
  Found by:       Coverity Prevent analysis tool
  Security:       Local DOS
  
  Revision  Changes    Path
  1.7       +2 -2      src/sys/amd64/linux32/linux32_sysvec.c
  1.32      +2 -2      src/sys/sys/exec.h