aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-08-10 23:23:57 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-08-10 23:23:57 +0000
commit9be7140460e54f1b494b87ae64e5dbde9c0099db (patch)
treee6eb1bb2f6e80bee1ad5e606f28b8492e0486f22
parentb9d00679a7179b5e5fa00f02058099dccb31104d (diff)
downloadsrc-9be7140460e54f1b494b87ae64e5dbde9c0099db.tar.gz
src-9be7140460e54f1b494b87ae64e5dbde9c0099db.zip
MFC sys_process.c 1.113, spigot.c 1.60:
Add or correct range checking of signal numbers in system calls and ioctls.
Notes
Notes: svn path=/releng/4.4/; revision=118753
-rw-r--r--UPDATING3
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/i386/isa/spigot.c2
-rw-r--r--sys/kern/sys_process.c3
4 files changed, 8 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 54a7f74f6b0e..9e7c173d06a3 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20030810: p38 FreeBSD-SA-03:09.signal
+ Repair range-checking errors in signal handling.
+
20030804: p37 FreeBSD-SA-03:08.realpath
Correct a single byte buffer overflow in realpath(3).
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index a6e8f20ed352..ae81c832809e 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.4"
-BRANCH="RELEASE-p37"
+BRANCH="RELEASE-p38"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c
index cdb05b72d54a..5f78c9af4344 100644
--- a/sys/i386/isa/spigot.c
+++ b/sys/i386/isa/spigot.c
@@ -221,6 +221,8 @@ struct spigot_info *info;
if(!data) return(EINVAL);
switch(cmd){
case SPIGOT_SETINT:
+ if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ return (EINVAL);
ss->p = p;
ss->signal_num = *((int *)data);
break;
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index 482663c793d8..402970da9ba8 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -334,7 +334,8 @@ ptrace(curp, uap)
case PT_STEP:
case PT_CONTINUE:
case PT_DETACH:
- if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG))
+ /* Zero means do not send any signal */
+ if (data < 0 || data > _SIG_MAXSIG)
return EINVAL;
PHOLD(p);