diff options
| author | das <das@FreeBSD.org> | 2005-03-23 08:27:59 +0000 |
|---|---|---|
| committer | das <das@FreeBSD.org> | 2005-03-23 08:27:59 +0000 |
| commit | a556c42bd80040034647976d365ac3e4b064bacb (patch) | |
| tree | 76ddf2f926b75aca9b54ed0b6d961473f0bd5faf /sys/amd64/linux32/linux32_sysvec.c | |
| parent | 1ffe796d8fbcffb38c40b58af8405805dbbcfdcc (diff) | |
| download | FreeBSD-src-a556c42bd80040034647976d365ac3e4b064bacb.zip FreeBSD-src-a556c42bd80040034647976d365ac3e4b064bacb.tar.gz | |
Make ps_nargvstr and ps_nenvstr unsigned. This fixes an input
validation error in procfs/linprocfs that can be exploited by local
users to cause a kernel panic. All versions of FreeBSD with the patch
referenced in SA-04:17.procfs have this bug, but versions without that
patch have a more serious bug instead. This problem only affects
systems on which procfs or linprocfs is mounted.
Found by: Coverity Prevent analysis tool
Security: Local DOS
Diffstat (limited to 'sys/amd64/linux32/linux32_sysvec.c')
| -rw-r--r-- | sys/amd64/linux32/linux32_sysvec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c index be4c6cc..8e0fc95 100644 --- a/sys/amd64/linux32/linux32_sysvec.c +++ b/sys/amd64/linux32/linux32_sysvec.c @@ -207,9 +207,9 @@ static int _bsd_to_linux_trapcode[] = { struct linux32_ps_strings { u_int32_t ps_argvstr; /* first of 0 or more argument strings */ - int ps_nargvstr; /* the number of argument strings */ + u_int ps_nargvstr; /* the number of argument strings */ u_int32_t ps_envstr; /* first of 0 or more environment strings */ - int ps_nenvstr; /* the number of environment strings */ + u_int ps_nenvstr; /* the number of environment strings */ }; /* |
