Date: Sat, 18 Sep 2004 15:41:14 +0200 From: gerarra@tin.it To: freebsd-hackers@freebsd.org Subject: RE: FreeBSD Kernel buffer overflow Message-ID: <4146316C0000A4CF@ims3a.cp.tin.it> In-Reply-To: <4146316C0000A4AF@ims3a.cp.tin.it>
next in thread | previous in thread | raw e-mail | index | archive | help
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
>
>> cat kern_syscalls.diff
>--- kern_syscalls.c Sat Sep 18 14:37:53 2004
>+++ kern_syscalls2.c Sat Sep 18 14:37:53 2004
>@@ -73,6 +73,11 @@
> sysent[*offset].sy_call !=3D (sy_call_t =
*)lkmressys)
> return EEXIST;
>
>+#if (__i386__) && (INVARIANTS)
>+ KASSERT(new_sysent->nargs >=3D 0 && new_sysent->nargs <=3D i386_=
SYS_ARGS,
>+ "invalid number of syscalls");
>+#endif
>+
> *old_sysent =3D sysent[*offset];
> sysent[*offset] =3D *new_sysent;
> return 0;
Sorry, a little problem here. There correct text chunk:
> cat kern_syscalls.diff
--- kern_syscalls.c Sat Sep 18 14:37:53 2004
+++ kern_syscalls2.c Sat Sep 18 14:37:53 2004
@@ -73,6 +73,11 @@
sysent[*offset].sy_call !=3D (sy_call_t *=
)lkmressys)
return EEXIST;
+#if (__i386__) && (INVARIANTS)
+ KASSERT(new_sysent->sy_nargs >=3D 0 && new_sysent->sy_nargs <=3D =
i386_SYS_ARGS,
+ "invalid number of syscalls");
+#endif
+
*old_sysent =3D sysent[*offset];
sysent[*offset] =3D *new_sysent;
return 0;
(tgz is correct)
rookie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4146316C0000A4CF>