author | jdp <jdp@FreeBSD.org> | 1998-10-11 04:54:16 +0000 |
---|---|---|
committer | jdp <jdp@FreeBSD.org> | 1998-10-11 04:54:16 +0000 |
commit | 02ed78af40e9703d08142808274ea75e23ef0119 (patch) | |
tree | bb4f1797e6f31219b0867383bc2dfdad847fb564 /sys/i386/linux | |
parent | 0f5907340a52b5ec6dac22d23702d576de763d96 (diff) | |
Fix a couple of out-of-bounds array references in mapping between
Linux and FreeBSD signal numbers. Also, check signal numbers passed
in from application programs for validity. Without these checks,
it is trivial to panic the system from a Linux program.
Diffstat (limited to 'sys/i386/linux')
-rw-r--r-- | sys/i386/linux/linux_signal.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/sys/i386/linux/linux_signal.c b/sys/i386/linux/linux_signal.c
index b2cb996..481ed7f 100644
--- a/sys/i386/linux/linux_signal.c
+++ b/sys/i386/linux/linux_signal.c
@@ -25,7 +25,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * $Id: linux_signal.c,v 1.11 1998/07/29 16:43:00 bde Exp $
+ * $Id: linux_signal.c,v 1.12 1998/08/15 22:29:43 bde Exp $
 */
 #include <sys/param.h>
@@ -43,7 +43,7 @@ linux_to_bsd_sigset(linux_sigset_t mask) {
 int b, l;
 sigset_t new = 0;
- for (l = 1; l <= LINUX_NSIG; l++) {
+ for (l = 1; l < LINUX_NSIG; l++) {
 if (mask & (1 << (l - 1))) {
 if ((b = linux_to_bsd_signal[l]))
 new |= (1 << (b - 1));
@@ -57,7 +57,7 @@ bsd_to_linux_sigset(sigset_t mask) {
 int b, l;
 sigset_t new = 0;
- for (b = 1; b <= NSIG; b++) {
+ for (b = 1; b < NSIG; b++) {
 if (mask & (1 << (b - 1))) {
 if ((l = bsd_to_linux_signal[b]))
 new |= (1 << (l - 1));
@@ -116,7 +116,8 @@ linux_sigaction(struct proc *p, struct linux_sigaction_args *args)
 printf("Linux-emul(%ld): sigaction(%d, %p, %p)\n", (long)p->p_pid, args->sig, (void *)args->nsa, (void *)args->osa);
 #endif
-
+ if (args->sig <= 0 || args->sig >= LINUX_NSIG)
+ return EINVAL;
 if (args->osa)
 osa = (struct sigaction *)stackgap_alloc(&sg, sizeof(struct sigaction));
@@ -156,6 +157,8 @@ linux_signal(struct proc *p, struct linux_signal_args *args)
 printf("Linux-emul(%ld): signal(%d, %p)\n", (long)p->p_pid, args->sig, (void *)args->handler);
 #endif
+ if (args->sig <= 0 || args->sig >= LINUX_NSIG)
+ return EINVAL;
 sg = stackgap_init();
 nsa = stackgap_alloc(&sg, sizeof *nsa);
 osa = stackgap_alloc(&sg, sizeof *osa);
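Review bot: The corrected loop bounds `l < LINUX_NSIG` in linux_to_bsd_sigset and `b < NSIG` in bsd_to_linux_sigset are safe only while `linux_to_bsd_signal` and `bsd_to_linux_signal` hold exactly LINUX_NSIG and NSIG entries, and those declarations are outside both hunks. A comment above each loop would record that invariant, for example `/* table has LINUX_NSIG entries indexed by signal number; valid indices are 1..LINUX_NSIG-1 */`. If the tables are declared in this file, deriving the bound from the array itself (`sizeof(linux_to_bsd_signal) / sizeof(linux_to_bsd_signal[0])`) would stop the loop and the table size from drifting apart again. Both function bodies continue past the hunks shown.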
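Review bot: The range test `args->sig <= 0 || args->sig >= LINUX_NSIG` is now written out three times, in linux_sigaction, linux_signal and (as `args->signum`) linux_kill, so any later change to the valid range has to be repeated in every copy. A single helper next to the table declarations, such as `#define LINUX_SIG_VALID(s) ((s) > 0 && (s) < LINUX_NSIG)`, would keep the check on the application-supplied index in one place and make it easier to audit that every syscall entry point indexing `linux_to_bsd_signal` goes through it. Whether other entry points in this file take a signal number from the application cannot be seen from these hunks and is worth confirming. Both function bodies start and end outside the hunks.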
@@ -307,6 +310,8 @@ linux_kill(struct proc *p, struct linux_kill_args *args)
 printf("Linux-emul(%d): kill(%d, %d)\n", p->p_pid, args->pid, args->signum);
 #endif
+ if (args->signum <= 0 || args->signum >= LINUX_NSIG)
+ return EINVAL;
 tmp.pid = args->pid;
 tmp.signum = linux_to_bsd_signal[args->signum];
 return kill(p, &tmp); |
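Review bot: The added check in linux_kill rejects `signum == 0`, but signal 0 is the null signal that kill(2) accepts to test whether a process exists and may be signalled, so a Linux program probing with `kill(pid, 0)` would now get EINVAL. Index 0 is inside the table, so the lower bound here could be `if (args->signum < 0 || args->signum >= LINUX_NSIG)`, assuming entry 0 of `linux_to_bsd_signal` is 0 (the table is not visible in this hunk). Separately, the sigset loops treat a zero table entry as "no equivalent"; if an in-range Linux signal maps to 0, `tmp.signum` becomes 0 and the call quietly turns into an existence probe that reports success, so an explicit EINVAL for a non-zero `signum` that maps to 0 would be safer. The function body starts outside the hunk.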