authorJacques Vidrine <nectar@FreeBSD.org>2003-08-10 23:17:49 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-08-10 23:17:49 +0000
commitebe53c53fe4a772bb9b9d45020418068edec7130 (patch)
treed4b6cc54361de666faaea740824478243c4c5210
parentd873fa2ebe7d929b81db4d92d2ffe433f8128269 (diff)
MFC sys_process.c 1.113, spigot.c 1.60:
Add or correct range checking of signal numbers in system calls and ioctls. MFC kern_sig.c 1.257: panic() if we try to handle an out-of-range signal number in psignal()/ tdsignal().
Notes
Notes: svn path=/releng/5.0/; revision=118752
-rw-r--r--UPDATING3
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/i386/isa/spigot.c2
-rw-r--r--sys/kern/kern_sig.c5
-rw-r--r--sys/kern/sys_process.c4
5 files changed, 10 insertions, 6 deletions
diff --git a/UPDATING b/UPDATING
index d25eaa9e06b9..3309c7c107e7 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20030810: p9 FreeBSD-SA-03:09.signal
+ Repair range-checking errors in signal handling.
+
20030804: p8 FreeBSD-SA-03:08.realpath
Correct a single byte buffer overflow in realpath(3).
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index f5a10074dc54..c1bc1cda5bda 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="5.0"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c
index bc6df6210daa..707f686790ff 100644
--- a/sys/i386/isa/spigot.c
+++ b/sys/i386/isa/spigot.c
@@ -227,6 +227,8 @@ struct spigot_info *info;
if(!data) return(EINVAL);
switch(cmd){
case SPIGOT_SETINT:
+ if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ return EINVAL;
ss->p = td->td_proc;
ss->signal_num = *((int *)data);
break;
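Review bot: The new SPIGOT_SETINT check accepts 0, which is not a deliverable signal, and nothing in the hunk says whether 0 is meant as "no signal". This same commit makes psignal() panic on an invalid signal number, so the code that later delivers `ss->signal_num` (outside this hunk) has to skip zero. If it does, a comment such as `/* 0 is allowed and disables signal delivery */` should say so; if it does not, the lower bound should be `<= 0`. Reading the value once, `int sig = *(int *)data;`, would also avoid dereferencing `data` three times and make it obvious that the checked value is the stored one. The switch continues outside the hunk.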
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 35036098819d..a3877b962086 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1343,9 +1343,8 @@ psignal(p, sig)
struct thread *td;
register int prop;
-
- KASSERT(_SIG_VALID(sig),
- ("psignal(): invalid signal %d\n", sig));
+ if (!_SIG_VALID(sig))
+ panic("psignal(): invalid signal");
PROC_LOCK_ASSERT(p, MA_OWNED);
KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
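Review bot: The replacement panic() in psignal() drops the signal number that the old KASSERT message printed, so a crash report from this path no longer shows which value was out of range. panic() takes a printf-style format, so `panic("psignal(): invalid signal %d", sig);` keeps the diagnostic while still enforcing the check on kernels built without INVARIANTS. A one-line comment above the check saying why this is an unconditional panic rather than an assertion would help the next reader; presumably an out-of-range `sig` would otherwise be used to index the signal sets, but that use is not visible here. psignal()'s body continues outside the hunk.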
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index c3c54145de32..8aed57e4793c 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -547,8 +547,8 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
case PT_STEP:
case PT_CONTINUE:
case PT_DETACH:
- /* XXX data is used even in the PT_STEP case. */
- if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
+ /* Zero means do not send any signal */
+ if (data < 0 || data > _SIG_MAXSIG) {
error = EINVAL;
goto fail;
}
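Review bot: The rewritten range check now rejects an out-of-range `data` for PT_STEP as well, where the old condition skipped it, but the new comment only explains the zero case. Callers that pass an unused or uninitialised `data` with PT_STEP will start getting EINVAL, so the comment should cover that, e.g. `/* data is the signal to deliver on resume, for PT_STEP too; 0 means none */`. ptrace(2) should presumably document the same requirement. The case body continues outside the hunk, so how `data` is consumed afterwards is not visible here.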