author | gallatin <gallatin@FreeBSD.org> | 2002-01-22 02:40:39 +0000 |
---|---|---|
committer | gallatin <gallatin@FreeBSD.org> | 2002-01-22 02:40:39 +0000 |
commit | b36a1aca9638f4ea8d1d6d2d8bbd7efe045c1430 (patch) | |
tree | 2cc9fe77bd4946261d41e613cfc79ffbd897abca /sys/alpha | |
parent | 4ea330caf8bc2301df7ad7aef9d70c573e0233f7 (diff) | |
download | FreeBSD-src-b36a1aca9638f4ea8d1d6d2d8bbd7efe045c1430.zip FreeBSD-src-b36a1aca9638f4ea8d1d6d2d8bbd7efe045c1430.tar.gz |
Don't read the sigcontext pointer directly from userspace. If the process
is swapped out, this can cause a system panic. Copy it in instead.
tested by: Bernd Walter <ticso@cicely8.cicely.de>
Diffstat (limited to 'sys/alpha')
-rw-r--r-- | sys/alpha/alpha/machdep.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/sys/alpha/alpha/machdep.c b/sys/alpha/alpha/machdep.c
index 001a684..50df8e7 100644
--- a/sys/alpha/alpha/machdep.c
+++ b/sys/alpha/alpha/machdep.c
@@ -1513,11 +1513,6 @@ sigreturn(struct thread *td,
 unsigned long val;
 struct proc *p;
 
-#ifdef COMPAT_43
- if (((struct osigcontext*)uap->sigcntxp)->sc_regs[R_ZERO] == 0xACEDBADE)
- return osigreturn(td, (struct osigreturn_args *)uap);
-#endif
-
 ucp = uap->sigcntxp;
 pcb = td->td_pcb;
 p = td->td_proc;
@@ -1529,9 +1524,22 @@ sigreturn(struct thread *td,
 
 /*
 * Fetch the entire context structure at once for speed.
+ * Note that struct osigcontext is smaller than a ucontext_t,
+ * so even if copyin() faults, we may have actually gotten a complete
+ * struct osigcontext.
 */
- if (copyin((caddr_t)ucp, (caddr_t)&uc, sizeof(ucontext_t)))
+ if (copyin((caddr_t)ucp, (caddr_t)&uc, sizeof(ucontext_t))) {
+#ifdef COMPAT_43
+ if (((struct osigcontext*)&uc)->sc_regs[R_ZERO] == 0xACEDBADE)
+ return osigreturn(td, (struct osigreturn_args *)uap);
+#endif
 return (EFAULT);
+ }
+
+#ifdef COMPAT_43
+ if (((struct osigcontext*)&uc)->sc_regs[R_ZERO] == 0xACEDBADE)
+ return osigreturn(td, (struct osigreturn_args *)uap);
+#endif
 
 /*
 * Restore the user-supplied information |
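Review bot: The sentinel test inside the new `if (copyin(...)) {` block reads `uc` after copyin() has already failed, and copyin() only reports that the copy did not complete — how much of the destination was written is not part of its contract, and `uc` is a local declared above this hunk, so on an unreadable frame the comparison can see stale stack contents rather than user data. The comment added at the top of the hunk ("we may have actually gotten a complete struct osigcontext") relies on that partial-copy behaviour instead of establishing it. A deterministic alternative is to retry the copy with `sizeof(struct osigcontext)` and test the sentinel only when that smaller copyin() succeeds; osigreturn() presumably re-fetches its own frame from uap->sigcntxp, which this hunk cannot confirm. The `0xACEDBADE` magic now appears twice and would read better as a named constant. sigreturn() begins and ends outside this hunk.
```c
	if (copyin((caddr_t)ucp, (caddr_t)&uc, sizeof(ucontext_t))) {
#ifdef COMPAT_43
		/*
		 * Don't trust whatever a failed copyin() left in uc: retry
		 * with the smaller old-style frame and test the sentinel only
		 * on a successful copy.
		 */
		if (copyin((caddr_t)ucp, (caddr_t)&uc,
		    sizeof(struct osigcontext)) == 0 &&
		    ((struct osigcontext *)&uc)->sc_regs[R_ZERO] == 0xACEDBADE)
			return osigreturn(td, (struct osigreturn_args *)uap);
#endif
		return (EFAULT);
	}
	/* … unchanged: second COMPAT_43 sentinel check on the full ucontext_t … */
```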