cvs commit: src/sys/i386/ibcs2 ibcs2_misc.c ibcs2_signal.c ibcs2_socksys.c ibcs2_util.c ibcs2_util.h imgact_coff.c

Tim J. Robbins tjr at FreeBSD.org
Sat Oct 11 21:25:27 PDT 2003


tjr         2003/10/11 21:25:26 PDT

  FreeBSD src repository

  Modified files:
    sys/i386/ibcs2       ibcs2_misc.c ibcs2_signal.c 
                         ibcs2_socksys.c ibcs2_util.c ibcs2_util.h 
                         imgact_coff.c 
  Log:
  Fix a multitude of security bugs in the iBCS2 emulator:
  - Return NULL instead of returning memory outside of the stackgap
    in stackgap_alloc() (FreeBSD-SA-00:42.linux)
  - Check for stackgap_alloc() returning NULL in ibcs2_emul_find();
    other calls to stackgap_alloc() have not been changed since they
    are small fixed-size allocations.
  - Replace use of strcpy() with strlcpy() in exec_coff_imgact()
    to avoid buffer overflow
  - Use strlcat() instead of strcat() to avoid a one byte buffer
    overflow in ibcs2_setipdomainname()
  - Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
    to ensure that the string is null-terminated
  - Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
    by checking that gidsetsize argument is non-negative and
    no larger than NGROUPS_MAX.
  - Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
    ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
    the end (or before the start)
  
  Revision  Changes    Path
  1.52      +21 -3     src/sys/i386/ibcs2/ibcs2_misc.c
  1.32      +7 -2      src/sys/i386/ibcs2/ibcs2_signal.c
  1.19      +5 -3      src/sys/i386/ibcs2/ibcs2_socksys.c
  1.17      +4 -2      src/sys/i386/ibcs2/ibcs2_util.c
  1.17      +4 -1      src/sys/i386/ibcs2/ibcs2_util.h
  1.61      +1 -1      src/sys/i386/ibcs2/imgact_coff.c
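
The three kinds of bounds check named in the log above (signal-number range check, gidsetsize validation, and an allocator that returns NULL instead of memory outside its gap), shown as an added user-space C example. This is not the FreeBSD code from this commit; every ex_ name, the table contents and the size limits are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

#define EX_NGROUPS_MAX 16  /* assumed group limit for the example */
#define EX_NSIG        8   /* assumed translation-table size */
#define EX_GAP_SIZE    64  /* assumed gap size in bytes */

/* Constructed table: emulated signal number -> native signal number. */
static const int ex_sigtbl[EX_NSIG] = { 0, 1, 2, 3, 6, 8, 9, 14 };

/* Reject signal numbers before the start or past the end of the table. */
int ex_translate_signal(int sig, int *native)
{
    if (sig < 0 || sig >= EX_NSIG)
        return EINVAL;
    *native = ex_sigtbl[sig];
    return 0;
}

/* Reject negative or oversized counts before they become a byte length. */
int ex_gid_bytes(int gidsetsize, size_t elem_size, size_t *nbytes)
{
    if (gidsetsize < 0 || gidsetsize > EX_NGROUPS_MAX)
        return EINVAL;
    *nbytes = (size_t)gidsetsize * elem_size;
    return 0;
}

/* Fixed-size gap served by a bump allocator. */
static char ex_gap[EX_GAP_SIZE];

/* Return NULL when the request does not fit; callers must check for it. */
void *ex_gap_alloc(size_t *used, size_t sz)
{
    void *p;

    /* Written as a subtraction so that *used + sz cannot wrap around. */
    if (*used > EX_GAP_SIZE || sz > EX_GAP_SIZE - *used)
        return NULL;
    p = ex_gap + *used;
    *used += sz;
    return p;
}
```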

