From f2c7668eb1581c4fbd5a7d43af0dd363f8b3206e Mon Sep 17 00:00:00 2001 From: David Schultz Date: Wed, 23 Mar 2005 08:27:59 +0000 Subject: Make ps_nargvstr and ps_nenvstr unsigned. This fixes an input validation error in procfs/linprocfs that can be exploited by local users to cause a kernel panic. All versions of FreeBSD with the patch referenced in SA-04:17.procfs have this bug, but versions without that patch have a more serious bug instead. This problem only affects systems on which procfs or linprocfs is mounted. Found by: Coverity Prevent analysis tool Security: Local DOS --- sys/amd64/linux32/linux32_sysvec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys/amd64/linux32') diff --git a/sys/amd64/linux32/linux32_sysvec.c b/sys/amd64/linux32/linux32_sysvec.c index be4c6cce987a..8e0fc950d640 100644 --- a/sys/amd64/linux32/linux32_sysvec.c +++ b/sys/amd64/linux32/linux32_sysvec.c @@ -207,9 +207,9 @@ static int _bsd_to_linux_trapcode[] = { struct linux32_ps_strings { u_int32_t ps_argvstr; /* first of 0 or more argument strings */ - int ps_nargvstr; /* the number of argument strings */ + u_int ps_nargvstr; /* the number of argument strings */ u_int32_t ps_envstr; /* first of 0 or more environment strings */ - int ps_nenvstr; /* the number of environment strings */ + u_int ps_nenvstr; /* the number of environment strings */ }; /* -- cgit v1.2.3