From 399c01844ad297de82f83cc99f989358723baf51 Mon Sep 17 00:00:00 2001
From: jhb <jhb@FreeBSD.org>
Date: Tue, 23 Mar 2010 21:08:07 +0000
Subject: Reject attempts to create a MAP_ANON mapping with a non-zero offset.

PR:		kern/71258
Submitted by:	Alexander Best
MFC after:	2 weeks
---
 sys/vm/vm_mmap.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'sys/vm')

diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index 4963a60..a47cd6a 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -233,7 +233,7 @@ mmap(td, uap)
 	/* Make sure mapping fits into numeric range, etc. */
 	if ((uap->len == 0 && !SV_CURPROC_FLAG(SV_AOUT) &&
 	     curproc->p_osrel >= 800104) ||
-	    ((flags & MAP_ANON) && uap->fd != -1))
+	    ((flags & MAP_ANON) && (uap->fd != -1 || pos != 0)))
 		return (EINVAL);
 
 	if (flags & MAP_STACK) {
@@ -300,7 +300,6 @@ mmap(td, uap)
 		handle = NULL;
 		handle_type = OBJT_DEFAULT;
 		maxprot = VM_PROT_ALL;
-		pos = 0;
 	} else {
 		/*
 		 * Mapping file, get fp for validation and
-- 
cgit v1.1