aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-08-10 23:23:57 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-08-10 23:23:57 +0000
commit117af7c676b7dc9ab4ca7e8ae9d0316d4d9c8aec (patch)
treee92f25be4e47fe80819cf60843a7ea51670e370a
parent2c7d2369859c52f08fb171e1e68b4499ed5a5dca (diff)
downloadsrc-117af7c676b7dc9ab4ca7e8ae9d0316d4d9c8aec.tar.gz
src-117af7c676b7dc9ab4ca7e8ae9d0316d4d9c8aec.zip
MFC sys_process.c 1.113, spigot.c 1.60:
Add or correct range checking of signal numbers in system calls and ioctls.
Notes
Notes: svn path=/releng/4.6/; revision=118753
-rw-r--r--UPDATING3
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/i386/isa/spigot.c2
-rw-r--r--sys/kern/sys_process.c3
4 files changed, 8 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 7dfdac1fa3e8..12e9e3c8ea46 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20030810: p15 FreeBSD-SA-03:09.signal
+ Repair range-checking errors in signal handling.
+
20030804: p14 FreeBSD-SA-03:08.realpath
Correct a single byte buffer overflow in realpath(3).
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index f01e1380e19d..227a15be57c5 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.6.2"
-BRANCH="RELEASE-p14"
+BRANCH="RELEASE-p15"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c
index cdb05b72d54a..5f78c9af4344 100644
--- a/sys/i386/isa/spigot.c
+++ b/sys/i386/isa/spigot.c
@@ -221,6 +221,8 @@ struct spigot_info *info;
if(!data) return(EINVAL);
switch(cmd){
case SPIGOT_SETINT:
+ if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ return (EINVAL);
ss->p = p;
ss->signal_num = *((int *)data);
break;
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index 559c481ad53a..46543a9fbe77 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -332,7 +332,8 @@ ptrace(curp, uap)
case PT_STEP:
case PT_CONTINUE:
case PT_DETACH:
- if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG))
+ /* Zero means do not send any signal */
+ if (data < 0 || data > _SIG_MAXSIG)
return EINVAL;
PHOLD(p);