Date:      Mon, 20 Sep 2004 14:28:32 +0200
From:      gerarra@tin.it
To:        freebsd-hackers@freebsd.org
Subject:   Re: FreeBSD Kernel buffer overflow
Message-ID:  <4146316C0000C7E2@ims3a.cp.tin.it>

><machine/param.h> which is installed from
>src/sys/{alpha,amd64,i386,ia64,etc}/param.h would be a more appropriate
>location.  There may be cases where you would want to know this value in
>userland, in which case including <machine/md_var.h> would definitely
>not be appropriate.
>
>My preference would be to name it MAX_SYSCALL_ARGS.
>

I followed your suggestions and I made the changes. Now this patch is available.
I did it for amd64, sparc64, i386 and alpha, since ia64 is not affected. I report
the i386 solution (for the complete diff tree and support for the other architectures, download
the patch http://www.gufi.org/~rookie/args-diff.tar.gz):

==================================================
$arch/include/param.h

> cat i386_param.diff
--- param2.h    Mon Sep 20 14:09:44 2004
+++ param.h     Mon Sep 20 13:59:05 2004
@@ -122,6 +122,8 @@
 #define VM_BCACHE_SIZE_MAX     (200 * 1024 * 1024)
 #endif

+#define MAX_SYSCALL_ARGS       8
+
 /*
  * Mach derived conversion macros
  */

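Review bot: MAX_SYSCALL_ARGS is added without a comment, and every architecture gets its own copy, so nothing in the header says what the value bounds or that it must match the `args[]` array in trap.c; a one-line comment above the define such as `/* Max syscall arguments the trap handler copies in; sizes args[] in trap.c */` would make the dependency visible to the next person who touches either file. The header lines also read `--- param2.h` / `+++ param.h`, i.e. the diff was taken against a renamed copy rather than the in-tree path, so `patch -p0` cannot apply it to a checkout without renaming; generating the diff against a pristine tree (for example with `cvs diff -u`) keeps the real path in the header.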

==================================================
$arch/$arch/trap.c

> cat i386_trap.diff
--- trap2.c     Mon Sep 20 14:09:27 2004
+++ trap.c      Mon Sep 20 14:03:23 2004
@@ -902,7 +902,7 @@
        u_int sticks;
        int error;
        int narg;
-       int args[8];
+       int args[MAX_SYSCALL_ARGS];
        u_int code;

        /*

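Review bot: sizing `args[]` with MAX_SYSCALL_ARGS keeps the declaration in step with the new constant, but the only place the patch enforces the bound is syscall_register(), which covers dynamically registered syscalls and not the static sysent table; the handler that fills `args[]` from `narg` is not changed in this hunk, so an oversized `narg` would still overrun the array. Suggest a check or KASSERT that `narg <= MAX_SYSCALL_ARGS` right where `narg` is computed, before the arguments are copied in, so the array bound is enforced at the point of use as well as at registration time.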

=================================================
kern/kern_syscalls.c

> cat kern_syscalls.diff
--- kern_syscalls.c     Sat Sep 18 13:42:21 2004
+++ kern_syscalls2.c    Mon Sep 20 14:18:45 2004
@@ -58,6 +58,16 @@
 syscall_register(int *offset, struct sysent *new_sysent,
                 struct sysent *old_sysent)
 {
+#ifndef __ia64__
+       if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > MAX_SYSCALL_=
ARGS)
+       {
+               printf("Invalid sy_narg for syscall: boundary is [0 - %d]=
\n",
+                       MAX_SYSCALL_ARGS);
+               return EINVAL;
+       }
+#endif
+
+
        if (*offset =3D=3D NO_SYSCALL) {
                int i;

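Review bot: the `#ifndef __ia64__` guard keys the new check to one architecture instead of to the constant it needs; `#ifdef MAX_SYSCALL_ARGS` would compile on any architecture that lacks the define and drops the ia64 special case, which otherwise has to be remembered whenever a new architecture is added. Style(9) nits in the same hunk: the opening brace belongs on the `if` line, `return (EINVAL);` takes parentheses, and the two blank `+` lines after `#endif` can be cut to one. The header lists `kern_syscalls2.c` as the new file, the reverse of the param.h and trap.c diffs, so the three patches cannot be applied with one `-p` level; diffing all of them against the pristine tree fixes this.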

The other architectures' patches have a similar body.

I hope you will commit it.

rookie