From 8e3795df0fb6cdfc739049fb0fcab846da61d760 Mon Sep 17 00:00:00 2001
From: marcel <marcel@FreeBSD.org>
Date: Thu, 9 Mar 2000 17:52:01 +0000
Subject: Fix bug in linux_wait4 and linux_waitpid where garbage in the status
 argument could panic the kernel.

Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
Prompted by: jkh, gallatin
Approved by: prompters
---
 sys/compat/linux/linux_misc.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sys/compat/linux/linux_misc.c')

diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index 1835c9c..1b2dd31 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -988,6 +988,7 @@ linux_waitpid(struct proc *p, struct linux_waitpid_args *args)
     if (args->status) {
 	if ((error = copyin(args->status, &tmpstat, sizeof(int))) != 0)
 	    return error;
+	tmpstat &= 0xffff;
 	if (WIFSIGNALED(tmpstat))
 	    tmpstat = (tmpstat & 0xffffff80) |
 		      BSD_TO_LINUX_SIGNAL(WTERMSIG(tmpstat));
@@ -1031,6 +1032,7 @@ linux_wait4(struct proc *p, struct linux_wait4_args *args)
     if (args->status) {
 	if ((error = copyin(args->status, &tmpstat, sizeof(int))) != 0)
 	    return error;
+	tmpstat &= 0xffff;
 	if (WIFSIGNALED(tmpstat))
 	    tmpstat = (tmpstat & 0xffffff80) |
 		  BSD_TO_LINUX_SIGNAL(WTERMSIG(tmpstat));
-- 
cgit v1.1