Fix a security bug. eflags was copied verbatim from userland.

Submitted by: bde
author: marcel <marcel@FreeBSD.org> 1999-10-13 08:45:12 +0000
committer: marcel <marcel@FreeBSD.org> 1999-10-13 08:45:12 +0000
commit: e33752fed253dd9b6f4235975e7e07a02bba877b (patch)
tree: 09ffbe88518941e566f2ad3559feb850a539cf5e /sys/i386
parent: c1de2e69b94f0d98027eb56f83408c57ad570eb2 (diff)
download: FreeBSD-src-e33752fed253dd9b6f4235975e7e07a02bba877b.zip
FreeBSD-src-e33752fed253dd9b6f4235975e7e07a02bba877b.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c
index b7585fa..85cc163 100644
--- a/sys/i386/i386/machdep.c
+++ b/sys/i386/i386/machdep.c
@@ -909,7 +909,8 @@ sigreturn(p, uap)
 			vm86->vm86_eflags = eflags;	/* save VIF, VIP */
 			eflags = (tf->tf_eflags & ~VM_USERCHANGE) |					    (eflags & VM_USERCHANGE) | PSL_VM;
 		}
-		bcopy(&ucp->uc_mcontext.mc_fs, regs, sizeof(struct trapframe));
+		bcopy(&ucp->uc_mcontext.mc_fs, tf, sizeof(struct trapframe));
+		tf->tf_eflags = eflags;
 		tf->tf_vm86_ds = tf->tf_ds;
 		tf->tf_vm86_es = tf->tf_es;
 		tf->tf_vm86_fs = tf->tf_fs;
author	marcel <marcel@FreeBSD.org>	1999-10-13 08:45:12 +0000
committer	marcel <marcel@FreeBSD.org>	1999-10-13 08:45:12 +0000
commit	e33752fed253dd9b6f4235975e7e07a02bba877b (patch)
tree	09ffbe88518941e566f2ad3559feb850a539cf5e /sys/i386
parent	c1de2e69b94f0d98027eb56f83408c57ad570eb2 (diff)
download	FreeBSD-src-e33752fed253dd9b6f4235975e7e07a02bba877b.zip FreeBSD-src-e33752fed253dd9b6f4235975e7e07a02bba877b.tar.gz