From owner-freebsd-hackers@FreeBSD.ORG Mon Sep 20 12:28:35 2004
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 82E2916A4CE for ; Mon, 20 Sep 2004 12:28:35 +0000 (GMT)
Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1399143D48 for ; Mon, 20 Sep 2004 12:28:35 +0000 (GMT) (envelope-from gerarra@tin.it)
Received: from ims3a.cp.tin.it (192.168.70.103) by vsmtp12.tin.it (7.0.027) id 414B19D3000ED34D for freebsd-hackers@freebsd.org; Mon, 20 Sep 2004 14:28:34 +0200
Received: from [192.168.70.229] by ims3a.cp.tin.it with HTTP; Mon, 20 Sep 2004 14:28:32 +0200
Date: Mon, 20 Sep 2004 14:28:32 +0200
Message-ID: <4146316C0000C7E2@ims3a.cp.tin.it>
From: gerarra@tin.it
To: freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
Subject: Re: FreeBSD Kernel buffer overflow
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
X-List-Received-Date: Mon, 20 Sep 2004 12:28:35 -0000

> which is installed from
> src/sys/{alpha,amd64,i386,ia64,etc}/param.h would be a more appropriate
> location. There may be cases where you would want to know this value in
> userland, in which case including would definitely
> not be appropriate.
>
> My preference would be to name it MAX_SYSCALL_ARGS.
>

I followed your suggestions and I made changes. Now the patch is available.
I did it for amd64, sparc64, i386 and alpha, since ia64 is not affected. I
report the i386 solution (for the complete diff tree and the other
architectures' support, download the patch from
http://www.gufi.org/~rookie/args-diff.tar.gz):

=================================================
$arch/include/param.h
> cat i386_param.diff
--- param2.h	Mon Sep 20 14:09:44 2004
+++ param.h	Mon Sep 20 13:59:05 2004
@@ -122,6 +122,8 @@
 #define VM_BCACHE_SIZE_MAX (200 * 1024 * 1024)
 #endif
 
+#define MAX_SYSCALL_ARGS 8
+
 /*
  * Mach derived conversion macros
  */
=========================================
$arch/$arch/trap.c
> cat i386_trap.diff
--- trap2.c	Mon Sep 20 14:09:27 2004
+++ trap.c	Mon Sep 20 14:03:23 2004
@@ -902,7 +902,7 @@
 	u_int sticks;
 	int error;
 	int narg;
-	int args[8];
+	int args[MAX_SYSCALL_ARGS];
 	u_int code;
 
 	/*
========================================
kern/kern_syscalls.c
> cat kern_syscalls.diff
--- kern_syscalls.c	Sat Sep 18 13:42:21 2004
+++ kern_syscalls2.c	Mon Sep 20 14:18:45 2004
@@ -58,6 +58,16 @@
 syscall_register(int *offset, struct sysent *new_sysent,
     struct sysent *old_sysent)
 {
+#ifndef __ia64__
+	if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > MAX_SYSCALL_ARGS)
+	{
+		printf("Invalid sy_narg for syscall: boundary is [0 - %d]\n",
+		    MAX_SYSCALL_ARGS);
+		return EINVAL;
+	}
+#endif
+
+
 	if (*offset == NO_SYSCALL) {
 		int i;
 

The other architectures' patches have a similar body. I hope you will commit it.

rookie
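Review bot: the added `#define MAX_SYSCALL_ARGS 8` in the param.h hunk carries no comment, and because every architecture gets its own copy of the constant, nothing next to the definition says what it bounds or why 8 is the right value for i386; a one-line comment beside it, for example `/* Upper bound on sy_narg; sizes args[] in trap.c */`, would keep the per-arch copies tied to the `args[]` buffer they are meant to protect.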
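Review bot: replacing `int args[8]` with `int args[MAX_SYSCALL_ARGS]` in the trap.c hunk only resizes the buffer; the copy that fills `args` according to `narg` is not in this hunk, and the only bound on the argument count the patch adds is the registration-time check in syscall_register(), so any sysent entry that never passes through syscall_register() is not covered. A `KASSERT(narg <= MAX_SYSCALL_ARGS, ("syscall narg exceeds MAX_SYSCALL_ARGS"))` beside the copy in trap.c would state the invariant in the function that actually depends on it.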
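Review bot: the `#ifndef __ia64__` in the kern_syscalls.c hunk puts an architecture test into machine-independent code; defining MAX_SYSCALL_ARGS for ia64 as well (a bound that matches whatever its trap path tolerates) would let the range check run on every architecture and remove the ifdef. Two style(9) points on the same lines: the `{` after the `if` belongs on the `if` line, and the return should read `return (EINVAL);`. Also, if `sy_narg` is an unsigned type the `< 0` half of the condition is dead code, so the field's type is worth confirming before keeping that test.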