-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/i386/i386/sys_machdep.c | 9 |
3 files changed, 8 insertions, 6 deletions
@@ -8,6 +8,9 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. Important recent entries: 20040724 (default X changes). +20050506: p12 FreeBSD-SA-05:07.ldt + Correctly validate inputs to the i386_get_ldt syscall. + 20050506: p11 FreeBSD-SA-05:06.iir Correct overly liberal permissions on /dev/iir. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index e9151b1767e2..c5712880d515 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="5.3" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/i386/i386/sys_machdep.c b/sys/i386/i386/sys_machdep.c index 57bb98217d62..1227a9a3c916 100644 --- a/sys/i386/i386/sys_machdep.c +++ b/sys/i386/i386/sys_machdep.c @@ -382,10 +382,6 @@ i386_get_ldt(td, args) uap->start, uap->num, (void *)uap->descs); #endif - /* verify range of LDTs exist */ - if ((uap->start < 0) || (uap->num <= 0)) - return(EINVAL); - if (pldt) { nldt = pldt->ldt_len; num = min(uap->num, nldt); @@ -395,7 +391,10 @@ i386_get_ldt(td, args) num = min(uap->num, nldt); lp = &ldt[uap->start]; } - if (uap->start + num > nldt) + + if ((uap->start > (unsigned int)nldt) || + ((unsigned int)num > (unsigned int)nldt) || + ((unsigned int)(uap->start + num) > (unsigned int)nldt)) return(EINVAL); error = copyout(lp, uap->descs, num * sizeof(union descriptor)); |
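Review bot: In the second sys/i386/i386/sys_machdep.c hunk, the new three-clause range test in i386_get_ldt runs only after `lp = &ldt[uap->start]` has been formed from the still-unvalidated `uap->start`. It also relies on the `(unsigned int)` casts and on short-circuit order to reject negative values and to keep `uap->start + num` from wrapping, and none of that is stated in the code. Since `nldt` is only assigned inside the `if (pldt)` / else arms, the test cannot simply move up, so I would at least add a comment above it such as `/* compare as unsigned so negative start/num fail; the first two clauses bound the sum checked in the third */`. The first hunk also removes the `uap->num <= 0` rejection, so a zero count now appears to reach `copyout` with a zero length instead of returning EINVAL; if that is intended, it should be documented. The function starts and ends outside these hunks, so the declared types of `uap->start`, `num` and `nldt`, and the behaviour of `min()` on a negative `uap->num`, need confirming against the full file.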