diff options
| author | marcel <marcel@FreeBSD.org> | 1999-08-14 10:30:38 +0000 |
|---|---|---|
| committer | marcel <marcel@FreeBSD.org> | 1999-08-14 10:30:38 +0000 |
| commit | 4437c70523fc9c569766ece2be5286fccb67b886 (patch) | |
| tree | 6b0bfa1eb6704f902365e31ad61055a632b2bc9f /sys/i386/linux | |
| parent | 6fb5b99704daa4279abedf7b850ace86a7c46ea5 (diff) | |
| download | FreeBSD-src-4437c70523fc9c569766ece2be5286fccb67b886.zip FreeBSD-src-4437c70523fc9c569766ece2be5286fccb67b886.tar.gz | |
Fix the LINUX_TCSET{A|AW|AF} and LINUX_TCSET{S|SW|SF} ioctls. These all suffer
from the same bug in that the argument is not first copied from user space
before it is used. This is part 2 (of 2) of the termios fixes.
Diffstat (limited to 'sys/i386/linux')
| -rw-r--r-- | sys/i386/linux/linux_ioctl.c | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/sys/i386/linux/linux_ioctl.c b/sys/i386/linux/linux_ioctl.c index 9d181eb8..ea9cb6f 100644 --- a/sys/i386/linux/linux_ioctl.c +++ b/sys/i386/linux/linux_ioctl.c @@ -25,7 +25,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Id: linux_ioctl.c,v 1.37 1999/08/13 14:44:13 marcel Exp $ + * $Id: linux_ioctl.c,v 1.38 1999/08/14 10:05:50 marcel Exp $ */ #include <sys/param.h> @@ -583,15 +583,24 @@ linux_ioctl(struct proc *p, struct linux_ioctl_args *args) sizeof(linux_termio)); case LINUX_TCSETA: - linux_to_bsd_termio((struct linux_termio *)args->arg, &bsd_termios); + error = copyin((caddr_t)args->arg, &linux_termio, sizeof(linux_termio)); + if (error) + return error; + linux_to_bsd_termio(&linux_termio, &bsd_termios); return (*func)(fp, TIOCSETA, (caddr_t)&bsd_termios, p); case LINUX_TCSETAW: - linux_to_bsd_termio((struct linux_termio *)args->arg, &bsd_termios); + error = copyin((caddr_t)args->arg, &linux_termio, sizeof(linux_termio)); + if (error) + return error; + linux_to_bsd_termio(&linux_termio, &bsd_termios); return (*func)(fp, TIOCSETAW, (caddr_t)&bsd_termios, p); case LINUX_TCSETAF: - linux_to_bsd_termio((struct linux_termio *)args->arg, &bsd_termios); + error = copyin((caddr_t)args->arg, &linux_termio, sizeof(linux_termio)); + if (error) + return error; + linux_to_bsd_termio(&linux_termio, &bsd_termios); return (*func)(fp, TIOCSETAF, (caddr_t)&bsd_termios, p); case LINUX_TCGETS: @@ -602,15 +611,27 @@ linux_ioctl(struct proc *p, struct linux_ioctl_args *args) sizeof(linux_termios)); case LINUX_TCSETS: - linux_to_bsd_termios((struct linux_termios *)args->arg, &bsd_termios); + error = copyin((caddr_t)args->arg, &linux_termios, + sizeof(linux_termios)); + if (error) + return error; + linux_to_bsd_termios(&linux_termios, &bsd_termios); return (*func)(fp, TIOCSETA, (caddr_t)&bsd_termios, p); case LINUX_TCSETSW: - linux_to_bsd_termios((struct linux_termios *)args->arg, &bsd_termios); + error = copyin((caddr_t)args->arg, &linux_termios, + sizeof(linux_termios)); + if (error) + return error; + linux_to_bsd_termios(&linux_termios, &bsd_termios); return (*func)(fp, TIOCSETAW, (caddr_t)&bsd_termios, p); case LINUX_TCSETSF: - linux_to_bsd_termios((struct linux_termios *)args->arg, &bsd_termios); + error = copyin((caddr_t)args->arg, &linux_termios, + sizeof(linux_termios)); + if (error) + return error; + linux_to_bsd_termios(&linux_termios, &bsd_termios); return (*func)(fp, TIOCSETAF, (caddr_t)&bsd_termios, p); case LINUX_TIOCGPGRP: |
