From owner-freebsd-security  Sun Sep  9 10:44: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP id 4622E37B405
	for <security@FreeBSD.ORG>; Sun,  9 Sep 2001 10:44:04 -0700 (PDT)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id DAA23324;
	Mon, 10 Sep 2001 03:43:45 +1000
Date: Mon, 10 Sep 2001 03:42:51 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender:  <bde@alphplex.bde.org>
To: Dima Dorfman <dima@unixfreak.org>
Cc: "Andrew R. Reiter" <arr@watson.org>,
	Kris Kennaway <kris@obsecurity.org>, <security@FreeBSD.ORG>
Subject: Re: netbsd vulnerabilities 
In-Reply-To: <20010909114717.80C903E28@bazooka.unixfreak.org>
Message-ID: <20010910033441.I7598-100000@alphplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, 9 Sep 2001, Dima Dorfman wrote:

> "Andrew R. Reiter" <arr@watson.org> wrote:
> > The attached code fixes the semop bug which is specified in the recent
> > NetBSD security announcement.  I'm not positive about hte naming scheme
> > wanted by all in terms of:  size_t vs. unsigned int vs. unsigned.  I made
> > it u_int b/c i saw in sysproto.h that there seemed to be more u_int's
> > instead of size_t's :-)  Great logic.
>
> I think semop_args.nsops should be u_int (like you made it) because
> that's how it's listed in syscalls.master.

It should match the (SYSV) spec, whatever that says.  syscalls.master
is rarely correct.

> > --- sys/sem.h.orig	Sat Sep  8 03:21:08 2001
> > +++ sys/sem.h	Sat Sep  8 03:21:27 2001
> > @@ -101,7 +101,7 @@
> >  int semsys __P((int, ...));
> >  int semctl __P((int, int, int, ...));
> >  int semget __P((key_t, int, int));
> > -int semop __P((int, struct sembuf *,unsigned));
> > +int semop __P((int, struct sembuf *, u_int));
>
> I don't see the point of this, either, except to break consistency
> with the manual page.  `u_int' is the same as `unsigned'.

This also fixes a style bug (missing space after comma) and takes us
further from removing dependencies on <sys/types.h>.  Anyway, this
has nothing to do with the bug (unless the correct type is not unsigned
int).

> The other changes look pretty good.  Attached is the corresponding
> patch to -current.  If nobody sees anything wrong in about a day, I'll
> commit this and MFC it after the RE's approval.

OK.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message