From owner-cvs-src-old@FreeBSD.ORG Mon Nov 16 20:35:13 2009
Return-Path:
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 05A4010656AB
	for ; Mon, 16 Nov 2009 20:35:13 +0000 (UTC)
	(envelope-from bz@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 194C58FC08
	for ; Mon, 16 Nov 2009 20:35:03 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id nAGKZ2QX071851
	for ; Mon, 16 Nov 2009 20:35:02 GMT
	(envelope-from bz@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id nAGKZ2L6071850
	for cvs-src-old@freebsd.org; Mon, 16 Nov 2009 20:35:02 GMT
	(envelope-from bz@repoman.freebsd.org)
Message-Id: <200911162035.nAGKZ2L6071850@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to bz@repoman.freebsd.org using -f
From: "Bjoern A. Zeeb"
Date: Mon, 16 Nov 2009 20:34:53 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: RELENG_7
Subject: cvs commit: src/sys/compat/pecoff imgact_pecoff.c
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 16 Nov 2009 20:35:13 -0000

bz          2009-11-16 20:34:53 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    sys/compat/pecoff    imgact_pecoff.c
  Log:
  SVN rev 199330 on 2009-11-16 20:34:53Z by bz

  As we pass the 'offset' unvalidated to vn_rdwr() make sure
  that it is unsigned rather than possibly set to something
  negative by a malicious binary.

  This is just the immediate fix to the problem mentioned in
  PR kern/80742 and by http://milw0rm.com/exploits/9206 but does
  not fix all possible problems imgact_pecoff has.

  As this feature does not work and is not compiled in by default,
  the security team considers this vulnerability to be of low risk
  to the user population and will not be issuing an advisory.

  Note that this is a direct commit to stable/7 as pecoff support
  has been removed from head and stable/8 already.

  PR:             kern/80742
  Reported by:    Oliver Pinter (oliver.pntr gmail.com) via freebsd-security
  Help reproducing and testing by: Damian Weber (dweber htw-saarland.de)
  MFC After:      3 days

  Revision  Changes    Path
  1.40.2.3  +3 -3      src/sys/compat/pecoff/imgact_pecoff.c
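
An added illustration (not the committed change and not FreeBSD code) of why an offset taken from an untrusted image header should be held in an unsigned type before it reaches a read routine. It goes one step beyond the commit by also range-checking the offset; the header layout, sample bytes and function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: a 16-byte "image" whose header stores a 32-bit
 * little-endian file offset at byte 4 (hypothetical layout). */
static const uint8_t sample_bad[16] = {      /* offset = 0xFFFFFFF0 */
    'M','Z',0,0, 0xF0,0xFF,0xFF,0xFF, 0,0,0,0, 0,0,0,0 };
static const uint8_t sample_ok[16] = {       /* offset = 8 */
    'M','Z',0,0, 0x08,0x00,0x00,0x00, 'D','A','T','A', 0,0,0,0 };

/* Decode the field byte by byte so the result is always unsigned. */
static uint32_t hdr_offset(const uint8_t *img)
{
    return (uint32_t)img[4] | (uint32_t)img[5] << 8 |
           (uint32_t)img[6] << 16 | (uint32_t)img[7] << 24;
}

/* The same 32 bits as a signed offset variable would hold them. */
static int64_t hdr_offset_signed(const uint8_t *img)
{
    uint32_t u = hdr_offset(img);
    int32_t s;
    memcpy(&s, &u, sizeof s);
    return s;
}

/* Bounded read: copy len bytes starting at off, or return -1.
 * Written as two comparisons so that off + len can never wrap. */
static int read_at(const uint8_t *img, size_t img_len,
                   uint32_t off, size_t len, uint8_t *dst)
{
    if (off > img_len || len > img_len - off)
        return -1;
    memcpy(dst, img + off, len);
    return 0;
}

int main(void)
{
    uint8_t buf[4];
    printf("signed view:   %lld\n", (long long)hdr_offset_signed(sample_bad));
    printf("unsigned view: %lu\n", (unsigned long)hdr_offset(sample_bad));
    printf("bad read: %d\n", read_at(sample_bad, 16, hdr_offset(sample_bad), 4, buf));
    printf("ok read:  %d\n", read_at(sample_ok, 16, hdr_offset(sample_ok), 4, buf));
    return 0;
}
```

With the signed view the crafted field becomes a negative offset; with the unsigned view it is a very large offset that the single upper-bound check rejects.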