kernel buff overflow
Giorgos Keramidas
keramida at freebsd.org
Sun Sep 19 10:53:07 PDT 2004
On 2004-09-19 15:04, gerarra at tin.it wrote:
> --- kern_syscalls.c Sat Sep 18 13:42:21 2004
> +++ kern_syscalls2.c Sun Sep 19 14:59:27 2004
> @@ -58,6 +58,12 @@
> syscall_register(int *offset, struct sysent *new_sysent,
> struct sysent *old_sysent)
> {
> +
> +#ifdef __i386__
> + if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > i386_SYS_ARGS)
> + return E2BIG;
> +#endif
> +
> if (*offset == NO_SYSCALL) {
> int i;
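Review bot: the new check at the top of syscall_register() is wrapped in #ifdef __i386__, so every other architecture still registers entries with any sy_narg, and i386_SYS_ARGS is used but not defined anywhere in this hunk; the bound should come from a machine-independent constant that each arch can override (a plain SYSCALL_MAX_ARGS with a default), with that definition included in the patch. The errno is also off for half the range: E2BIG is "argument list too long", but the same branch rejects sy_narg < 0, so EINVAL fits both cases. Minor: the two empty "+" lines around the check leave a blank line directly after the opening brace, which is not the style of the surrounding function.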
If a very simple but similar check can be added that works for all the
architectures, it's probably a cleaner solution, i.e.:
: #ifndef SYSCALL_MAX_ARGS
: #define SYSCALL_MAX_ARGS 8
: #endif
:
: if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > SYSCALL_MAX_ARGS)
: return EINVAL;
Then each architecture can define SYSCALL_MAX_ARGS at compile time.
P.S.: I don't think that E2BIG is ok, since the argument list can be too
"small" when sy_narg < 0, but arguing about the exact errno value is
something I won't really spend much time on.
- Giorgos
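The following is an added example, not code from the FreeBSD tree or from either poster. It models the registration check discussed in the thread with a machine-independent SYSCALL_MAX_ARGS default of 8 and EINVAL for both out-of-range directions, and it shows what the check protects: the syscall entry path copies sy_narg words into a fixed-size array, so an entry registered with sy_narg larger than that array turns into a kernel stack overflow the first time the call is made. The table layout, slot allocation, and the names kern_table, NENTRIES, fetch_args and nosys_stub are assumptions made for the example.

```c
/* Added example, not FreeBSD code: a model of syscall_register() with a
 * machine-independent bound on sy_narg, plus the fixed-buffer argument
 * fetch that the bound protects. kern_table, NENTRIES, fetch_args and
 * nosys_stub are invented for this example. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef SYSCALL_MAX_ARGS
#define SYSCALL_MAX_ARGS 8          /* each arch may override at compile time */
#endif

typedef intptr_t register_t;
typedef int sy_call_t(void *td, void *uap);

struct sysent {
    int        sy_narg;             /* number of argument words */
    sy_call_t *sy_call;             /* handler */
};

#define NO_SYSCALL (-1)
#define NENTRIES   16               /* assumed small table for the example */

static struct sysent kern_table[NENTRIES];   /* stands in for sysent[] */

/* Placeholder handler so registrations have a non-NULL sy_call. */
static int
nosys_stub(void *td, void *uap)
{
    (void)td; (void)uap;
    return (ENOSYS);
}

/* Register new_sysent at *offset, or at the first free slot when
 * *offset == NO_SYSCALL. Returns 0 or an errno value. The sy_narg bound is
 * the point of the thread: sy_narg later sizes a copy into a fixed buffer,
 * and a negative value is not "too big", hence EINVAL rather than E2BIG. */
static int
syscall_register(int *offset, struct sysent *new_sysent,
    struct sysent *old_sysent)
{
    int i;

    if (new_sysent->sy_narg < 0 || new_sysent->sy_narg > SYSCALL_MAX_ARGS)
        return (EINVAL);

    if (*offset == NO_SYSCALL) {
        for (i = 1; i < NENTRIES; i++)
            if (kern_table[i].sy_call == NULL)
                break;
        if (i == NENTRIES)
            return (ENFILE);
        *offset = i;
    } else if (*offset < 0 || *offset >= NENTRIES) {
        return (EINVAL);
    } else if (kern_table[*offset].sy_call != NULL) {
        return (EEXIST);
    }

    *old_sysent = kern_table[*offset];
    kern_table[*offset] = *new_sysent;
    return (0);
}

/* Simulated syscall entry: copies sy_narg words of the caller's argument
 * block into a fixed on-stack array. Without the registration check, a
 * large sy_narg would write past args[]. Returns words copied, or -1 for
 * an unknown code or an entry whose sy_narg cannot fit (the defensive
 * recheck should be unreachable once registration enforces the bound). */
static int
fetch_args(int code, const register_t *user_params,
    register_t args[SYSCALL_MAX_ARGS])
{
    int narg;

    if (code < 0 || code >= NENTRIES || kern_table[code].sy_call == NULL)
        return (-1);
    narg = kern_table[code].sy_narg;
    if (narg < 0 || narg > SYSCALL_MAX_ARGS)
        return (-1);
    memcpy(args, user_params, (size_t)narg * sizeof(register_t));
    return (narg);
}

int
main(void)
{
    struct sysent oversized = { SYSCALL_MAX_ARGS + 1, nosys_stub };
    struct sysent negative = { -1, nosys_stub };
    struct sysent sane = { 3, nosys_stub };
    struct sysent old;
    int off = NO_SYSCALL;

    printf("narg=%d -> %d\n", oversized.sy_narg, syscall_register(&off, &oversized, &old));
    printf("narg=%d -> %d\n", negative.sy_narg, syscall_register(&off, &negative, &old));
    printf("narg=%d -> %d (slot %d)\n", sane.sy_narg, syscall_register(&off, &sane, &old), off);
    return (0);
}
```

The bound is enforced at registration rather than on every call because the entry path runs for each syscall; the recheck in fetch_args() costs two compares and catches an entry that reached the table by some other route (a directly patched sysent[], for instance).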