From e33752fed253dd9b6f4235975e7e07a02bba877b Mon Sep 17 00:00:00 2001
From: marcel
Date: Wed, 13 Oct 1999 08:45:12 +0000
Subject: Fix a security bug. eflags was copied verbatim from userland.

Submitted by: bde
---
 sys/i386/i386/machdep.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'sys/i386')

diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c
index b7585fa..85cc163 100644
--- a/sys/i386/i386/machdep.c
+++ b/sys/i386/i386/machdep.c
@@ -909,7 +909,8 @@ sigreturn(p, uap)
 vm86->vm86_eflags = eflags; /* save VIF, VIP */
 eflags = (tf->tf_eflags & ~VM_USERCHANGE) | (eflags & VM_USERCHANGE) | PSL_VM;
 }
- bcopy(&ucp->uc_mcontext.mc_fs, regs, sizeof(struct trapframe));
+ bcopy(&ucp->uc_mcontext.mc_fs, tf, sizeof(struct trapframe));
+ tf->tf_eflags = eflags;
 tf->tf_vm86_ds = tf->tf_ds;
 tf->tf_vm86_es = tf->tf_es;
 tf->tf_vm86_fs = tf->tf_fs;
--
cgit v1.1
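Review bot: The `bcopy` from `&ucp->uc_mcontext.mc_fs` still fills the whole trapframe from the user-supplied context, and the added `tf->tf_eflags = eflags;` restores only that one field from a sanitized local. Any other field that was validated before this hunk (those checks are not visible here) is read from the context a second time by the copy and is not written back from the checked value. If `ucp` refers to memory the process can still modify, a safer shape is to copy the context into a kernel-local structure once, validate that copy, and fill `tf` from it. At minimum the ordering deserves a comment above the new line, e.g. `/* the copy above is user-controlled; eflags must come from the sanitized local */`, since moving the assignment above the `bcopy` would silently undo the fix. The copy also assumes the mcontext layout from `mc_fs` onward matches `struct trapframe`, which nothing in the hunk asserts; sigreturn's body starts and ends outside the hunk.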