diff options
| author | jhb <jhb@FreeBSD.org> | 2006-07-06 21:38:24 +0000 |
|---|---|---|
| committer | jhb <jhb@FreeBSD.org> | 2006-07-06 21:38:24 +0000 |
| commit | 1e5e29d1c88fe515a78e244cdee843bc14a8ea69 (patch) | |
| tree | cdb98190f705a2bbc96f6880062b66ef0b42269a | |
| parent | e216ca9f3b6f519828cacb70aade623085f80127 (diff) | |
| download | FreeBSD-src-1e5e29d1c88fe515a78e244cdee843bc14a8ea69.zip FreeBSD-src-1e5e29d1c88fe515a78e244cdee843bc14a8ea69.tar.gz | |
Don't try to copyin extra data for IPC_RMID requests to msgctl() or
shmctl(). None of the other ABI's do this (including the native FreeBSD
ABI), and uselessly trying to do a copyin() can actually result in a
bogus EFAULT if the a process specifies NULL for the optional argument
(which is what they should do in this case).
| -rw-r--r-- | sys/compat/svr4/svr4_ipc.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/sys/compat/svr4/svr4_ipc.c b/sys/compat/svr4/svr4_ipc.c index 64216ba..ad1fb0f 100644 --- a/sys/compat/svr4/svr4_ipc.c +++ b/sys/compat/svr4/svr4_ipc.c @@ -500,11 +500,7 @@ svr4_msgctl(td, v) return (kern_msgctl(td, uap->msqid, IPC_SET, &bs)); case SVR4_IPC_RMID: - error = copyin(uap->buf, &ss, sizeof ss); - if (error) - return error; - svr4_to_bsd_msqid_ds(&ss, &bs); - return (kern_msgctl(td, uap->msqid, IPC_RMID, &bs)); + return (kern_msgctl(td, uap->msqid, IPC_RMID, NULL)); default: return EINVAL; @@ -658,7 +654,6 @@ svr4_shmctl(td, v) if (uap->buf != NULL) { switch (uap->cmd) { case SVR4_IPC_SET: - case SVR4_IPC_RMID: case SVR4_SHM_LOCK: case SVR4_SHM_UNLOCK: error = copyin(uap->buf, &ss, sizeof(ss)); |
