MFC 275035:

MFamd64: Check for invalid flags in the machine context in sigreturn() and setcontext().
author: jhb <jhb@FreeBSD.org> 2014-12-22 21:46:35 +0000
committer: jhb <jhb@FreeBSD.org> 2014-12-22 21:46:35 +0000
commit: 3f04bf5b7cf0824b1b9bb00281991b23088f3f5e (patch)
tree: b5540e0e77eb09dc4758880a29c959abde90e237 /sys/i386/i386
parent: 5ae50f92a8ff8229d56cc9462a1c3df5032d186b (diff)
download: FreeBSD-src-3f04bf5b7cf0824b1b9bb00281991b23088f3f5e.zip
FreeBSD-src-3f04bf5b7cf0824b1b9bb00281991b23088f3f5e.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c
index f713714..48a7e62 100644
--- a/sys/i386/i386/machdep.c
+++ b/sys/i386/i386/machdep.c
@@ -1043,6 +1043,11 @@ sys_sigreturn(td, uap)
 	if (error != 0)
 		return (error);
 	ucp = &uc;
+	if ((ucp->uc_mcontext.mc_flags & ~_MC_FLAG_MASK) != 0) {
+		uprintf("pid %d (%s): sigreturn mc_flags %x\n", p->p_pid,
+		    td->td_name, ucp->uc_mcontext.mc_flags);
+		return (EINVAL);
+	}
 	regs = td->td_frame;
 	eflags = ucp->uc_mcontext.mc_eflags;
 	if (eflags & PSL_VM) {
@@ -3540,7 +3545,8 @@ set_mcontext(struct thread *td, const mcontext_t *mcp)
 	int eflags, ret;
 
 	tp = td->td_frame;
-	if (mcp->mc_len != sizeof(*mcp))
+	if (mcp->mc_len != sizeof(*mcp) ||
+	    (mcp->mc_flags & ~_MC_FLAG_MASK) != 0)
 		return (EINVAL);
 	eflags = (mcp->mc_eflags & PSL_USERCHANGE) |
 	    (tp->tf_eflags & ~PSL_USERCHANGE);
author	jhb <jhb@FreeBSD.org>	2014-12-22 21:46:35 +0000
committer	jhb <jhb@FreeBSD.org>	2014-12-22 21:46:35 +0000
commit	3f04bf5b7cf0824b1b9bb00281991b23088f3f5e (patch)
tree	b5540e0e77eb09dc4758880a29c959abde90e237 /sys/i386/i386
parent	5ae50f92a8ff8229d56cc9462a1c3df5032d186b (diff)
download	FreeBSD-src-3f04bf5b7cf0824b1b9bb00281991b23088f3f5e.zip FreeBSD-src-3f04bf5b7cf0824b1b9bb00281991b23088f3f5e.tar.gz