-rw-r--r--sys/pc98/i386/machdep.c28
-rw-r--r--sys/pc98/pc98/machdep.c28
2 files changed, 38 insertions, 18 deletions
diff --git a/sys/pc98/i386/machdep.c b/sys/pc98/i386/machdep.c
index 6955590..a7fa589 100644
--- a/sys/pc98/i386/machdep.c
+++ b/sys/pc98/i386/machdep.c
@@ -127,7 +127,7 @@
#include <pc98/pc98/pc98_machdep.h>
#include <pc98/pc98/pc98.h>
#else
-#include <i386/isa/rtc.h>
+#include <isa/rtc.h>
#endif
#include <machine/vm86.h>
#include <machine/random.h>
@@ -546,7 +546,7 @@ osendsig(sig_t catcher, int sig, sigset_t *mask, u_long code)
else {
/* Old FreeBSD-style arguments. */
sf.sf_arg2 = code;
- sf.sf_addr = regs->tf_err;
+ sf.sf_addr = (register_t *)regs->tf_err;
sf.sf_ahu.sf_handler = catcher;
}
@@ -699,7 +699,7 @@ sendsig(catcher, sig, mask, code)
else {
/* Old FreeBSD-style arguments. */
sf.sf_siginfo = code;
- sf.sf_addr = regs->tf_err;
+ sf.sf_addr = (register_t *)regs->tf_err;
sf.sf_ahu.sf_handler = catcher;
}
@@ -886,15 +886,25 @@ sigreturn(p, uap)
ucontext_t *ucp;
int cs, eflags;
- if (((struct osigcontext *)uap->sigcntxp)->sc_trapno == 0x01d516)
- return osigreturn(p, (struct osigreturn_args *)uap);
-
- regs = p->p_md.md_regs;
ucp = uap->sigcntxp;
- eflags = ucp->uc_mcontext.mc_eflags;
+ if (!useracc((caddr_t)ucp, sizeof(struct osigcontext), VM_PROT_READ))
+ return (EFAULT);
+ if (((struct osigcontext *)ucp)->sc_trapno == 0x01d516)
+ return (osigreturn(p, (struct osigreturn_args *)uap));
+
+ /*
+ * Since ucp is not an osigcontext but a ucontext_t, we have to
+ * check again if all of it is accessible. A ucontext_t is
+ * much larger, so instead of just checking for the pointer
+ * being valid for the size of an osigcontext, now check for
+ * it being valid for a whole, new-style ucontext_t.
+ */
if (!useracc((caddr_t)ucp, sizeof(ucontext_t), VM_PROT_READ))
- return(EFAULT);
+ return (EFAULT);
+
+ regs = p->p_md.md_regs;
+ eflags = ucp->uc_mcontext.mc_eflags;
if (eflags & PSL_VM) {
struct trapframe_vm86 *tf = (struct trapframe_vm86 *)regs;
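Review bot: The added useracc() checks in sigreturn() validate the user pointer, but `((struct osigcontext *)ucp)->sc_trapno` and `ucp->uc_mcontext.mc_eflags` are still read directly from user memory afterwards, so the mapping or its contents could change between the check and each use if the address space is shared with another running context. Copying the context into a kernel-local structure once and validating only that copy closes the window, e.g. `if (copyin(uap->sigcntxp, &uc, sizeof(uc)) != 0) return (EFAULT);` followed by `ucp = &uc;`. The sc_trapno discriminator would need its own small copyin first, since an old-style context is shorter than a ucontext_t. The function body continues past the end of the hunk, so any later reads through ucp that are not visible here would presumably need the same treatment. The identical sigreturn hunk in sys/pc98/pc98/machdep.c has the same issue.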
diff --git a/sys/pc98/pc98/machdep.c b/sys/pc98/pc98/machdep.c
index 6955590..a7fa589 100644
--- a/sys/pc98/pc98/machdep.c
+++ b/sys/pc98/pc98/machdep.c
@@ -127,7 +127,7 @@
#include <pc98/pc98/pc98_machdep.h>
#include <pc98/pc98/pc98.h>
#else
-#include <i386/isa/rtc.h>
+#include <isa/rtc.h>
#endif
#include <machine/vm86.h>
#include <machine/random.h>
@@ -546,7 +546,7 @@ osendsig(sig_t catcher, int sig, sigset_t *mask, u_long code)
else {
/* Old FreeBSD-style arguments. */
sf.sf_arg2 = code;
- sf.sf_addr = regs->tf_err;
+ sf.sf_addr = (register_t *)regs->tf_err;
sf.sf_ahu.sf_handler = catcher;
}
@@ -699,7 +699,7 @@ sendsig(catcher, sig, mask, code)
else {
/* Old FreeBSD-style arguments. */
sf.sf_siginfo = code;
- sf.sf_addr = regs->tf_err;
+ sf.sf_addr = (register_t *)regs->tf_err;
sf.sf_ahu.sf_handler = catcher;
}
@@ -886,15 +886,25 @@ sigreturn(p, uap)
ucontext_t *ucp;
int cs, eflags;
- if (((struct osigcontext *)uap->sigcntxp)->sc_trapno == 0x01d516)
- return osigreturn(p, (struct osigreturn_args *)uap);
-
- regs = p->p_md.md_regs;
ucp = uap->sigcntxp;
- eflags = ucp->uc_mcontext.mc_eflags;
+ if (!useracc((caddr_t)ucp, sizeof(struct osigcontext), VM_PROT_READ))
+ return (EFAULT);
+ if (((struct osigcontext *)ucp)->sc_trapno == 0x01d516)
+ return (osigreturn(p, (struct osigreturn_args *)uap));
+
+ /*
+ * Since ucp is not an osigcontext but a ucontext_t, we have to
+ * check again if all of it is accessible. A ucontext_t is
+ * much larger, so instead of just checking for the pointer
+ * being valid for the size of an osigcontext, now check for
+ * it being valid for a whole, new-style ucontext_t.
+ */
if (!useracc((caddr_t)ucp, sizeof(ucontext_t), VM_PROT_READ))
- return(EFAULT);
+ return (EFAULT);
+
+ regs = p->p_md.md_regs;
+ eflags = ucp->uc_mcontext.mc_eflags;
if (eflags & PSL_VM) {
struct trapframe_vm86 *tf = (struct trapframe_vm86 *)regs;