diff options
| author | alc <alc@FreeBSD.org> | 2005-01-22 19:21:29 +0000 |
|---|---|---|
| committer | alc <alc@FreeBSD.org> | 2005-01-22 19:21:29 +0000 |
| commit | abb2aba4319abe060b8adfb7c5a9fc403b7fde49 (patch) | |
| tree | c0e2f053ef8169c1dd2b62c323630edf22ba6fa0 /sys | |
| parent | 59f1cc6e6e4e764cd18c032dd291616fc233359f (diff) | |
| download | FreeBSD-src-abb2aba4319abe060b8adfb7c5a9fc403b7fde49.zip FreeBSD-src-abb2aba4319abe060b8adfb7c5a9fc403b7fde49.tar.gz | |
Guard against address wrap in kernacc(). Otherwise, a program accessing a
bad address range through /dev/kmem can panic the machine.
Submitted by: Mark W. Krentel
Reported by: Kris Kennaway
MFC after: 1 week
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/vm/vm_glue.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/vm/vm_glue.c b/sys/vm/vm_glue.c index b6b09e9..da9e5cb 100644 --- a/sys/vm/vm_glue.c +++ b/sys/vm/vm_glue.c @@ -133,6 +133,11 @@ kernacc(addr, len, rw) KASSERT((rw & ~VM_PROT_ALL) == 0, ("illegal ``rw'' argument to kernacc (%x)\n", rw)); + + if ((vm_offset_t)addr + len > kernel_map->max_offset || + (vm_offset_t)addr + len < (vm_offset_t)addr) + return (FALSE); + prot = rw; saddr = trunc_page((vm_offset_t)addr); eaddr = round_page((vm_offset_t)addr + len); |
