Date: Sun, 19 Sep 2004 19:59:34 +0300
From: Giorgos Keramidas <keramida@freebsd.org>
To: gerarra@tin.it
Cc: freebsd-hackers@freebsd.org
Subject: Re: kernel buff overflow
Message-ID: <20040919165934.GB2907@gothmog.gr>
In-Reply-To: <4146316C0000AD08@ims3a.cp.tin.it>
References: <4146316C0000AD08@ims3a.cp.tin.it>
On 2004-09-19 15:04, gerarra@tin.it wrote:
> --- kern_syscalls.c	Sat Sep 18 13:42:21 2004
> +++ kern_syscalls2.c	Sun Sep 19 14:59:27 2004
> @@ -58,6 +58,12 @@
>  syscall_register(int *offset, struct sysent *new_sysent,
>  		 struct sysent *old_sysent)
>  {
> +
> +#ifdef __i386__
> +	if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > i386_SYS_ARGS)
> +		return E2BIG;
> +#endif
> +
>  	if (*offset == NO_SYSCALL) {
>  		int i;

If a very simple but similar check can be added that works for all the
architectures it's probably a cleaner solution, i.e.:

: #ifndef SYSCALL_MAX_ARGS
: #define SYSCALL_MAX_ARGS 8
: #endif
:
: 	if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > SYSCALL_MAX_ARGS)
: 		return EINVAL;

Then each architecture can define SYSCALL_MAX_ARGS at compile time.

P.S.: I don't think that E2BIG is ok, since the argument list can be too
"small" when sy_narg < 0, but arguing about the exact errno value is
something I won't really spend much time on.

- Giorgos
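Review bot: the range check in the hunk is wrapped in `#ifdef __i386__`, so on every other architecture `syscall_register()` still accepts a `struct sysent` whose `sy_narg` is negative or larger than the dispatcher's argument buffer; a portable limit such as the `SYSCALL_MAX_ARGS` proposed in the reply, with each architecture defining its own value, closes that gap on all platforms. Separately, `return E2BIG;` reports the wrong condition for `sy_narg < 0`; `EINVAL` is the conventional errno for a malformed argument, as the reply also notes.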
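As an added illustration (not FreeBSD code and not from this thread), the following user-space model shows why the portable check matters: the dispatcher copies `sy_narg` words of user arguments into a fixed buffer of `SYSCALL_MAX_ARGS` words, so a loadable module that registers an entry with an out-of-range `sy_narg` must be rejected at registration time. `struct sysent`, `NO_SYSCALL` and `SYSCALL_MAX_ARGS` follow the names used in the thread; the table size, `register_t`, the handler signature, `syscall_register_checked()`, `syscall_dispatch()` and `demo()` are assumptions made for this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not FreeBSD code: a reduced user-space model of
 * syscall_register() and the syscall dispatcher.  Names follow the
 * thread; sizes, types and function bodies are assumptions. */

#ifndef SYSCALL_MAX_ARGS
#define SYSCALL_MAX_ARGS 8      /* each architecture can override this */
#endif
#define NO_SYSCALL   (-1)       /* "pick any free slot" (assumed value) */
#define SY_TABLE_LEN 16         /* assumed size of the model table */

typedef long register_t;

struct sysent {
    int sy_narg;                              /* argument words to copy */
    int (*sy_call)(const register_t *args);   /* handler (model signature) */
};

/* Model syscall table; a NULL sy_call marks a free slot. */
static struct sysent sysent_table[SY_TABLE_LEN];

/* Registration with the portable check from the reply: reject any sy_narg
 * the dispatcher's fixed buffer cannot hold.  Returns 0, EINVAL for a bad
 * sy_narg or offset, ENFILE when no slot is free. */
int
syscall_register_checked(int *offset, const struct sysent *new_sysent)
{
    int i;

    if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > SYSCALL_MAX_ARGS)
        return (EINVAL);

    if (*offset == NO_SYSCALL) {
        for (i = 1; i < SY_TABLE_LEN; i++)
            if (sysent_table[i].sy_call == NULL)
                break;
        if (i == SY_TABLE_LEN)
            return (ENFILE);
        *offset = i;
    } else if (*offset < 0 || *offset >= SY_TABLE_LEN) {
        return (EINVAL);
    }
    sysent_table[*offset] = *new_sysent;
    return (0);
}

/* Model dispatcher: copies sy_narg words into a fixed buffer and calls the
 * handler.  Registration already bounded sy_narg, so the memcpy cannot run
 * past args[]; the re-check makes that invariant explicit and fails closed
 * with EINVAL if the table were ever corrupted. */
int
syscall_dispatch(int code, const register_t *user_args, int *result)
{
    register_t args[SYSCALL_MAX_ARGS];
    const struct sysent *se;

    if (code < 0 || code >= SY_TABLE_LEN || sysent_table[code].sy_call == NULL)
        return (ENOSYS);
    se = &sysent_table[code];
    if (se->sy_narg < 0 || se->sy_narg > SYSCALL_MAX_ARGS)
        return (EINVAL);

    memset(args, 0, sizeof(args));
    memcpy(args, user_args, (size_t)se->sy_narg * sizeof(register_t));
    *result = se->sy_call(args);
    return (0);
}

/* Sample handler for the model: sums its three arguments. */
static int
sum3_handler(const register_t *args)
{
    return ((int)(args[0] + args[1] + args[2]));
}

/* Registers a valid 3-argument syscall and invokes it; returns 60. */
int
demo(void)
{
    struct sysent se = { 3, sum3_handler };
    register_t user_args[SYSCALL_MAX_ARGS] = { 10, 20, 30, 0, 0, 0, 0, 0 };
    int off = NO_SYSCALL, result = 0;

    if (syscall_register_checked(&off, &se) != 0)
        return (-1);
    if (syscall_dispatch(off, user_args, &result) != 0)
        return (-1);
    return (result);
}

int
main(void)
{
    struct sysent bad = { SYSCALL_MAX_ARGS + 1, sum3_handler };
    int off = NO_SYSCALL;

    printf("oversized sy_narg -> errno %d\n", syscall_register_checked(&off, &bad));
    printf("demo result = %d\n", demo());
    return (0);
}
```

The check lives at registration rather than in the dispatcher's hot path, which is the same placement as the patch; the dispatcher's duplicate test is cheap and documents the invariant it relies on.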