aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorColin Percival <cperciva@FreeBSD.org>2004-06-30 17:34:38 +0000
committerColin Percival <cperciva@FreeBSD.org>2004-06-30 17:34:38 +0000
commit1ddddb6b8be63067ebd2a8cf0f11fe42032c5d19 (patch)
tree5c257d37caac29e62c1ddd7e4373d88f4b32a411
parentc80b93884dd45451a0849ddd0de0c7b0b1d145fb (diff)
downloadsrc-1ddddb6b8be63067ebd2a8cf0f11fe42032c5d19.tar.gz
src-1ddddb6b8be63067ebd2a8cf0f11fe42032c5d19.zip
FreeBSD-SA-04:13.linux:
MFC revision 1.116 of sys/compat/linux/linux_ioctl.c Bump newvers.sh and document in UPDATING. Approved by: so (des)
Notes
Notes: svn path=/releng/4.9/; revision=131352
-rw-r--r--UPDATING4
-rw-r--r--sys/compat/linux/linux_ioctl.c28
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 23 insertions, 11 deletions
diff --git a/UPDATING b/UPDATING
index 6557f2b74a04..f126ff38cc81 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20040630: p11 FreeBSD-SA-04.13.linux
+ Correct an input validation error in the linux binary
+ compatibility code.
+
20040607: p10 FreeBSD-SA-04:12.jailroute
Correct a user validation error which could allow a jailed
super-user to manipulate routing tables.
diff --git a/sys/compat/linux/linux_ioctl.c b/sys/compat/linux/linux_ioctl.c
index 7440efbac084..0043cf165f2b 100644
--- a/sys/compat/linux/linux_ioctl.c
+++ b/sys/compat/linux/linux_ioctl.c
@@ -933,19 +933,21 @@ linux_ioctl_cdrom(struct proc *p, struct linux_ioctl_args *args)
}
case LINUX_CDROMREADTOCENTRY: {
- struct linux_cdrom_tocentry lte, *ltep =
- (struct linux_cdrom_tocentry *)args->arg;
+ struct linux_cdrom_tocentry lte;
struct ioc_read_toc_single_entry irtse;
- irtse.address_format = ltep->cdte_format;
- irtse.track = ltep->cdte_track;
+
+ error = copyin((caddr_t)args->arg, &lte, sizeof(lte));
+ if (error)
+ return (error);
+ irtse.address_format = lte.cdte_format;
+ irtse.track = lte.cdte_track;
error = fo_ioctl(fp, CDIOREADTOCENTRY, (caddr_t)&irtse, p);
if (!error) {
- lte = *ltep;
lte.cdte_ctrl = irtse.entry.control;
lte.cdte_adr = irtse.entry.addr_type;
bsd_to_linux_msf_lba(irtse.address_format,
&irtse.entry.addr, &lte.cdte_addr);
- copyout(&lte, (caddr_t)args->arg, sizeof(lte));
+ error = copyout(&lte, (caddr_t)args->arg, sizeof(lte));
}
return (error);
}
@@ -1268,6 +1270,7 @@ static int
linux_ioctl_console(struct proc *p, struct linux_ioctl_args *args)
{
struct file *fp = p->p_fd->fd_ofiles[args->fd];
+ int error;
switch (args->cmd & 0xffff) {
@@ -1326,11 +1329,16 @@ linux_ioctl_console(struct proc *p, struct linux_ioctl_args *args)
return (ioctl(p, (struct ioctl_args *)args));
case LINUX_VT_SETMODE: {
- struct vt_mode *mode;
+ struct vt_mode mode;
+ error = copyin((caddr_t)args->arg, &mode, sizeof(mode));
+ if (error)
+ return (error);
+ if (!ISSIGVALID(mode.frsig) && ISSIGVALID(mode.acqsig))
+ mode.frsig = mode.acqsig;
+ error = copyout(&mode, (caddr_t)args->arg, sizeof(mode));
+ if (error)
+ return (error);
args->cmd = VT_SETMODE;
- mode = (struct vt_mode *)args->arg;
- if (!ISSIGVALID(mode->frsig) && ISSIGVALID(mode->acqsig))
- mode->frsig = mode->acqsig;
return (ioctl(p, (struct ioctl_args *)args));
}
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index a39b8eaec584..dc5d759b4751 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p10"
+BRANCH="RELEASE-p11"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"