Date:      Sat, 7 Aug 2004 04:30:17 GMT
From:      David Xu <davidxu@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 59060 for review
Message-ID:  <200408070430.i774UHQE044535@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=59060

Change 59060 by davidxu@davidxu_alona on 2004/08/07 04:30:06

	Make a copy of syscall parameters; syscalls that use set_mcontext can
	sneakily change the parameters and cause the kernel to crash, a security risk.

Affected files ...

.. //depot/projects/davidxu_ksedbg/src/sys/amd64/amd64/trap.c#4 edit

Differences ...

==== //depot/projects/davidxu_ksedbg/src/sys/amd64/amd64/trap.c#4 (text+ko) ====

@@ -729,21 +729,17 @@
 	/*
 	 * copyin and the ktrsyscall()/ktrsysret() code is MP-aware
 	 */
-	if (narg <= regcnt) {
-		argp = &frame.tf_rdi;
-		argp += reg;
-		error = 0;
-	} else {
-		KASSERT(narg <= sizeof(args) / sizeof(args[0]),
-		    ("Too many syscall arguments!"));
-		KASSERT(params != NULL, ("copyin args with no params!"));
-		argp = &frame.tf_rdi;
-		argp += reg;
-		bcopy(argp, args, sizeof(args[0]) * regcnt);
+	error = 0;
+	KASSERT(narg <= sizeof(args) / sizeof(args[0]),
+	    ("Too many syscall arguments!"));
+	KASSERT(params != NULL, ("copyin args with no params!"));
+	argp = &frame.tf_rdi;
+	argp += reg;
+	bcopy(argp, args, sizeof(args[0]) * regcnt);
+	if (narg > regcnt)
 		error = copyin(params, &args[regcnt],
-		    (narg - regcnt) * sizeof(args[0]));
-		argp = &args[0];
-	}
+	    		(narg - regcnt) * sizeof(args[0]));
+	argp = &args[0];
 
 #ifdef KTRACE
 	if (KTRPOINT(td, KTR_SYSCALL))
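
Review bot: The `KASSERT(params != NULL, ("copyin args with no params!"))` now runs for every syscall, where before it guarded only the `narg > regcnt` path that actually calls copyin(). If params is not set up when all arguments fit in registers, an INVARIANTS kernel would now panic on that path, so the assertion belongs inside the `if (narg > regcnt)` body, with braces around the two statements. The continuation line of the copyin() call mixes tabs and spaces in its indentation; a four-space continuation indent relative to `error =`, as on the removed line, would keep it consistent with the surrounding code. A short comment above the bcopy() saying that args[] is a private kernel copy, so that a handler which modifies the trap frame cannot change the arguments afterwards, would record why the register-only fast path (`argp = &frame.tf_rdi` used directly) was dropped.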


