diff options
author | David Schultz <das@FreeBSD.org> | 2005-03-23 08:27:59 +0000 |
---|---|---|
committer | David Schultz <das@FreeBSD.org> | 2005-03-23 08:27:59 +0000 |
commit | f2c7668eb1581c4fbd5a7d43af0dd363f8b3206e (patch) | |
tree | 76ddf2f926b75aca9b54ed0b6d961473f0bd5faf /sys/amd64/linux32/linux32_sysvec.c | |
parent | 58ce5a270090e5a923cd309eb8c6bb4e462ba29f (diff) | |
download | src-f2c7668eb1581c4fbd5a7d43af0dd363f8b3206e.tar.gz src-f2c7668eb1581c4fbd5a7d43af0dd363f8b3206e.zip |
Make ps_nargvstr and ps_nenvstr unsigned. This fixes an input
validation error in procfs/linprocfs that can be exploited by local
users to cause a kernel panic. All versions of FreeBSD with the patch
referenced in SA-04:17.procfs have this bug, but versions without that
patch have a more serious bug instead. This problem only affects
systems on which procfs or linprocfs is mounted.
Found by: Coverity Prevent analysis tool
Security: Local DOS
Notes
Notes:
svn path=/head/; revision=144011
Diffstat (limited to 'sys/amd64/linux32/linux32_sysvec.c')
-rw-r--r-- | sys/amd64/linux32/linux32_sysvec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c index be4c6cce987a..8e0fc950d640 100644 --- a/sys/amd64/linux32/linux32_sysvec.c +++ b/sys/amd64/linux32/linux32_sysvec.c @@ -207,9 +207,9 @@ static int _bsd_to_linux_trapcode[] = { struct linux32_ps_strings { u_int32_t ps_argvstr; /* first of 0 or more argument strings */ - int ps_nargvstr; /* the number of argument strings */ + u_int ps_nargvstr; /* the number of argument strings */ u_int32_t ps_envstr; /* first of 0 or more environment strings */ - int ps_nenvstr; /* the number of environment strings */ + u_int ps_nenvstr; /* the number of environment strings */ }; /* |