Date: Wed, 26 Oct 2016 16:25:50 +0300 From: Konstantin Belousov <kostikbel@gmail.com> To: Tijl Coosemans <tijl@FreeBSD.org> Cc: Gleb Smirnoff <glebius@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r307936 - head/sys/amd64/amd64 Message-ID: <20161026132550.GV54029@kib.kiev.ua> In-Reply-To: <20161025212600.36e91455@kalimero.tijl.coosemans.org> References: <201610251713.u9PHDkq2076226@repo.freebsd.org> <20161025212600.36e91455@kalimero.tijl.coosemans.org>
index | next in thread | previous in thread | raw e-mail
On Tue, Oct 25, 2016 at 09:26:00PM +0200, Tijl Coosemans wrote: > On Tue, 25 Oct 2016 17:13:46 +0000 (UTC) Gleb Smirnoff <glebius@FreeBSD.org> wrote: > > Author: glebius > > Date: Tue Oct 25 17:13:46 2016 > > New Revision: 307936 > > URL: https://svnweb.freebsd.org/changeset/base/307936 > > > > Log: > > The argument validation in r296956 was not enough to close all possible > > overflows in sysarch(2). > > > > Submitted by: Kun Yang <kun.yang chaitin.com> > > Patch by: kib > > Security: SA-16:15 > > > > Modified: > > head/sys/amd64/amd64/sys_machdep.c > > This patch and r296956 need to be applied to i386 too, don't they? I do not think so. The amd64 bug is that I thought that the overflow checks were not needed, which appeared to be not true. i386_set_ldt(), which is the i386 version of amd64_set_ldt(), already contained the comparisions of largest_ld with pldt->ldt_len etc. Still, independend look at the i386 (and amd64 version as well) is more than welcomed, so please read the code yourself.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161026132550.GV54029>