aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-08-13 12:13:50 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-08-13 12:13:50 +0000
commitd77bc09eac07c0dc9488dfe5386ce95d3f911b3a (patch)
tree4404d8f65652b98240a95bfe9db807ed39486e7c
parent52773cf21251442c4fc2969afcd8288503e2c70a (diff)
downloadsrc-d77bc09eac07c0dc9488dfe5386ce95d3f911b3a.tar.gz
src-d77bc09eac07c0dc9488dfe5386ce95d3f911b3a.zip
MFC of upc_syscalls:1.123,1.124 and vesa.c:1.37.
Submitted by: Silvio Cesare <silvio@qualys.com> (1.123, 1.37)
Notes
Notes: svn path=/releng/4.4/; revision=101797
-rw-r--r--UPDATING4
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/i386/isa/vesa.c4
-rw-r--r--sys/kern/uipc_syscalls.c10
4 files changed, 18 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index f6aa7edd9c23..65203d0f1916 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020813: p26
+ Bounds checking errors in accept(), getsockname(),
+ getpeername(), and a VESA ioctl() command were corrected.
+
20020805: p25 FreeBSD-SA-02:33.openssl
Correct a bug in the ASN.1 decoder which was introduced with
the recent OpenSSL update.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index f76f913b862f..7bf7c7a7a7ad 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.4"
-BRANCH="RELEASE-p25"
+BRANCH="RELEASE-p26"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/i386/isa/vesa.c b/sys/i386/isa/vesa.c
index 3fc68afb0651..630501c0526a 100644
--- a/sys/i386/isa/vesa.c
+++ b/sys/i386/isa/vesa.c
@@ -1317,7 +1317,9 @@ get_palette(video_adapter_t *adp, int base, int count,
int bits;
int error;
- if ((base < 0) || (base >= 256) || (base + count > 256))
+ if ((base < 0) || (base >= 256) || (count < 0) || (count > 256))
+ return 1;
+ if (base + count > 256)
return 1;
if (!(vesa_adp_info->v_flags & V_DAC8) || !VESA_MODE(adp->va_mode))
return 1;
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 4b8735fd6671..3c652b9725a1 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -206,6 +206,8 @@ accept1(p, uap, compat)
sizeof (namelen));
if(error)
return (error);
+ if (namelen < 0)
+ return (EINVAL);
}
error = holdsock(fdp, uap->s, &lfp);
if (error)
@@ -1193,6 +1195,10 @@ getsockname1(p, uap, compat)
fdrop(fp, p);
return (error);
}
+ if (len < 0) {
+ fdrop(fp, p);
+ return (EINVAL);
+ }
so = (struct socket *)fp->f_data;
sa = 0;
error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, &sa);
@@ -1272,6 +1278,10 @@ getpeername1(p, uap, compat)
fdrop(fp, p);
return (error);
}
+ if (len < 0) {
+ fdrop(fp, p);
+ return (EINVAL);
+ }
sa = 0;
error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, &sa);
if (error)