From 1e5e29d1c88fe515a78e244cdee843bc14a8ea69 Mon Sep 17 00:00:00 2001
From: jhb
Date: Thu, 6 Jul 2006 21:38:24 +0000
Subject: Don't try to copyin extra data for IPC_RMID requests to msgctl() or shmctl(). None of the other ABI's do this (including the native FreeBSD ABI), and uselessly trying to do a copyin() can actually result in a bogus EFAULT if the a process specifies NULL for the optional argument (which is what they should do in this case).
---
 sys/compat/svr4/svr4_ipc.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'sys/compat/svr4')
diff --git a/sys/compat/svr4/svr4_ipc.c b/sys/compat/svr4/svr4_ipc.c
index 64216ba..ad1fb0f 100644
--- a/sys/compat/svr4/svr4_ipc.c
+++ b/sys/compat/svr4/svr4_ipc.c
@@ -500,11 +500,7 @@ svr4_msgctl(td, v)
 return (kern_msgctl(td, uap->msqid, IPC_SET, &bs));
 case SVR4_IPC_RMID:
- error = copyin(uap->buf, &ss, sizeof ss);
- if (error)
- return error;
- svr4_to_bsd_msqid_ds(&ss, &bs);
- return (kern_msgctl(td, uap->msqid, IPC_RMID, &bs));
+ return (kern_msgctl(td, uap->msqid, IPC_RMID, NULL));
 default:
 return EINVAL;
@@ -658,7 +654,6 @@ svr4_shmctl(td, v)
 if (uap->buf != NULL) {
 switch (uap->cmd) {
 case SVR4_IPC_SET:
- case SVR4_IPC_RMID:
 case SVR4_SHM_LOCK:
 case SVR4_SHM_UNLOCK:
 error = copyin(uap->buf, &ss, sizeof(ss));
-- cgit v1.1
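Review bot: The new `SVR4_IPC_RMID` arm in svr4_msgctl passes a literal `NULL` buffer to `kern_msgctl()` with nothing at the call site saying why that is safe. The call relies on kern_msgctl() never reading its msqid_ds argument for IPC_RMID, which cannot be confirmed from this hunk. I would add a comment above the return, `/* IPC_RMID takes no argument: uap->buf is ignored and may be NULL. */`, so a later edit neither reintroduces the copyin() nor starts dereferencing the pointer. The body of svr4_msgctl starts and ends outside the hunk.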
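Review bot: With `case SVR4_IPC_RMID:` dropped from the copyin() list in svr4_shmctl, an RMID request that arrives with a non-NULL `uap->buf` now takes whatever path the rest of this inner switch provides, and that part of the function is outside the hunk. If the switch has a rejecting `default:` arm, such a request would presumably now fail. If it falls through instead, `bs` is no longer filled in for RMID, so any later use of `&bs` on that path would read uninitialized stack. Both are worth confirming against the full function, and a comment next to the case list such as `/* SVR4_IPC_RMID: buf is ignored and never copied in. */` would record the intent.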