kern/113218: [sysvipc] [patch] Overflow in shmget's memory size check

Vasim Valejev vasim at resume-bank.ru
Thu Aug 2 10:10:11 UTC 2007


The following reply was made to PR kern/113218; it has been noted by GNATS.

From: "Vasim Valejev" <vasim at resume-bank.ru>
To: <bug-followup at FreeBSD.org>
Cc:  
Subject: Re: kern/113218: [sysvipc] [patch] Overflow in shmget's memory size check
Date: Thu, 2 Aug 2007 13:39:21 +0400

 Hi !
 
 Full patch (including ipcs fix):
 
 *** sys/kern/sysv_shm.c.orig    Mon Mar  5 16:10:57 2007
 --- sys/kern/sysv_shm.c Wed Jul 25 15:00:14 2007
 ***************
 *** 149,155 ****
   #define       SHMMAXPGS       8192    /* Note: sysv shared memory is swap
 backed. */
   #endif
   #ifndef SHMMAX
 ! #define       SHMMAX  (SHMMAXPGS*PAGE_SIZE)
   #endif
   #ifndef SHMMIN
   #define       SHMMIN  1
 --- 149,155 ----
   #define       SHMMAXPGS       8192    /* Note: sysv shared memory is swap
 backed. */
   #endif
   #ifndef SHMMAX
 ! #define       SHMMAX  (1L*SHMMAXPGS*PAGE_SIZE)
   #endif
   #ifndef SHMMIN
   #define       SHMMIN  1
 ***************
 *** 453,459 ****
   #if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43))
   struct oshmid_ds {
         struct  ipc_perm shm_perm;      /* operation perms */
 !       int     shm_segsz;              /* size of segment (bytes) */
         u_short shm_cpid;               /* pid, creator */
         u_short shm_lpid;               /* pid, last operation */
         short   shm_nattch;             /* no. of current attaches */
 --- 453,459 ----
   #if defined(__i386__) && (defined(COMPAT_FREEBSD4) || defined(COMPAT_43))
   struct oshmid_ds {
         struct  ipc_perm shm_perm;      /* operation perms */
 !       size_t  shm_segsz;              /* size of segment (bytes) */
         u_short shm_cpid;               /* pid, creator */
         u_short shm_lpid;               /* pid, last operation */
         short   shm_nattch;             /* no. of current attaches */
 ***************
 *** 717,723 ****
         struct shmget_args *uap;
         int mode;
   {
 !       int i, segnum, shmid, size;
         struct ucred *cred = td->td_ucred;
         struct shmid_kernel *shmseg;
         vm_object_t shm_object;
 --- 717,724 ----
         struct shmget_args *uap;
         int mode;
   {
 !       int i, segnum, shmid;
 !       size_t size;
         struct ucred *cred = td->td_ucred;
         struct shmid_kernel *shmseg;
         vm_object_t shm_object;
 *** sys/sys/shm.h.orig  Sat Aug  6 11:20:17 2005
 --- sys/sys/shm.h       Wed Jul 25 14:47:47 2007
 ***************
 *** 77,83 ****
 
   struct shmid_ds {
         struct ipc_perm shm_perm;       /* operation permission structure */
 !       int             shm_segsz;      /* size of segment in bytes */
         pid_t           shm_lpid;   /* process ID of last shared memory op */
         pid_t           shm_cpid;       /* process ID of creator */
         short           shm_nattch;     /* number of current attaches */
 --- 77,83 ----
 
   struct shmid_ds {
         struct ipc_perm shm_perm;       /* operation permission structure */
 !       size_t          shm_segsz;      /* size of segment in bytes */
         pid_t           shm_lpid;   /* process ID of last shared memory op */
         pid_t           shm_cpid;       /* process ID of creator */
         short           shm_nattch;     /* number of current attaches */
 *** usr.bin/ipcs/ipcs.c.orig    Mon May 15 12:20:38 2006
 --- usr.bin/ipcs/ipcs.c Wed Jul 25 14:48:23 2007
 ***************
 *** 439,445 ****
                                                     kshmptr->u.shm_nattch);
 
                                         if (option & BIGGEST)
 !                                               printf(" %12d",
                                                     kshmptr->u.shm_segsz);
 
                                         if (option & PID)
 --- 439,445 ----
                                                     kshmptr->u.shm_nattch);
 
                                         if (option & BIGGEST)
 !                                               printf(" %12ld",
                                                     kshmptr->u.shm_segsz);
 
                                         if (option & PID)
 
 
 Vasim V.
 


More information about the freebsd-bugs mailing list