Date: Thu, 27 Oct 2016 18:26:35 +0200
From: Tijl Coosemans <tijl@FreeBSD.org>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: Gleb Smirnoff <glebius@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r307936 - head/sys/amd64/amd64
Message-ID: <20161027182635.187d5f6d@kalimero.tijl.coosemans.org>
In-Reply-To: <20161026132550.GV54029@kib.kiev.ua>
References: <201610251713.u9PHDkq2076226@repo.freebsd.org> <20161025212600.36e91455@kalimero.tijl.coosemans.org> <20161026132550.GV54029@kib.kiev.ua>
On Wed, 26 Oct 2016 16:25:50 +0300 Konstantin Belousov <kostikbel@gmail.com> wrote:
> On Tue, Oct 25, 2016 at 09:26:00PM +0200, Tijl Coosemans wrote:
>> On Tue, 25 Oct 2016 17:13:46 +0000 (UTC) Gleb Smirnoff <glebius@FreeBSD.org> wrote:
>>> Author: glebius
>>> Date: Tue Oct 25 17:13:46 2016
>>> New Revision: 307936
>>> URL: https://svnweb.freebsd.org/changeset/base/307936
>>>
>>> Log:
>>>   The argument validation in r296956 was not enough to close all possible
>>>   overflows in sysarch(2).
>>>
>>>   Submitted by:	Kun Yang <kun.yang chaitin.com>
>>>   Patch by:	kib
>>>   Security:	SA-16:15
>>>
>>> Modified:
>>>   head/sys/amd64/amd64/sys_machdep.c
>>
>> This patch and r296956 need to be applied to i386 too, don't they?
>
> I do not think so. The amd64 bug is that I thought that the overflow
> checks were not needed, which appeared to be not true.
>
> i386_set_ldt(), which is the i386 version of amd64_set_ldt(), already
> contained the comparisons of largest_ld with pldt->ldt_len etc.
>
> Still, independent look at the i386 (and amd64 version as well) is more
> than welcomed, so please read the code yourself.

It looks ok to me. i386 checks kargs.largs.num > MAX_LD early in sysarch so start + num cannot overflow. On amd64 this check was removed in https://svnweb.freebsd.org/base?view=revision&revision=217543
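An added illustration, not FreeBSD's sys_machdep.c and not the r307936 patch itself, of why the early `num > MAX_LD` check discussed above matters: a range check that computes `start + num` before bounding either operand can be passed by an unsigned wraparound, whereas bounding each operand first makes the sum unable to wrap. The function names and the value of `MAX_LD` are assumptions for this example.

```c
#include <limits.h>
#include <stdbool.h>

/* Assumed LDT descriptor limit for this example (constructed, not quoted
 * from the kernel headers). */
#define MAX_LD 8192u

/*
 * Weak form: add first, compare afterwards.  With start near UINT_MAX the
 * sum wraps to a small value and the bogus request passes the length check.
 */
bool ldt_range_ok_weak(unsigned int start, unsigned int num,
                       unsigned int ldt_len)
{
    unsigned int largest_ld = start + num;   /* may wrap around */
    return largest_ld <= ldt_len;
}

/*
 * Hardened form, in the spirit of the early num > MAX_LD check mentioned
 * in the thread: reject each operand that exceeds the table limit before
 * adding, so the sum is bounded by 2*MAX_LD and cannot wrap.  Then apply
 * the largest_ld vs. table-length comparison.
 */
bool ldt_range_ok(unsigned int start, unsigned int num,
                  unsigned int ldt_len)
{
    if (num == 0 || num > MAX_LD)
        return false;
    if (start >= MAX_LD)
        return false;
    unsigned int largest_ld = start + num;   /* < 2*MAX_LD, no wrap */
    return largest_ld <= ldt_len;
}
```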