misc/129855: ipcs integer overflow with UIDs bigger than 65535
Oleksandr Tymoshenko
gonzo at bluezbox.com
Fri Dec 26 18:30:09 PST 2008
The following reply was made to PR bin/129855; it has been noted by GNATS.
From: Oleksandr Tymoshenko <gonzo at bluezbox.com>
To: Peter Keel <peter.keel at hostpoint.ch>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/129855: ipcs integer overflow with UIDs bigger than 65535
Date: Fri, 26 Dec 2008 17:53:33 -0800
Peter Keel wrote:
>> Number: 129855
>> Category: misc
>> Synopsis: ipcs integer overflow with UIDs bigger than 65535
Try enclosed patch.
Or http://people.freebsd.org/~gonzo/patches/081226.ipc.diff if GNATS
will garble the patch.
=== sys/compat/freebsd32/freebsd32_ipc.h
==================================================================
--- sys/compat/freebsd32/freebsd32_ipc.h (revision 186495)
+++ sys/compat/freebsd32/freebsd32_ipc.h (local)
@@ -30,10 +30,10 @@
#define _COMPAT_FREEBSD32_FREEBSD32_IPC_H_
struct ipc_perm32 {
- uint16_t cuid;
- uint16_t cgid;
- uint16_t uid;
- uint16_t gid;
+ uint32_t cuid;
+ uint32_t cgid;
+ uint32_t uid;
+ uint32_t gid;
uint16_t mode;
uint16_t seq;
uint32_t key;
=== sys/sys/ipc.h
==================================================================
--- sys/sys/ipc.h (revision 186495)
+++ sys/sys/ipc.h (local)
@@ -69,15 +69,12 @@
#define _UID_T_DECLARED
#endif
-/*
- * XXX almost all members have wrong types.
- */
struct ipc_perm {
- unsigned short cuid; /* creator user id */
- unsigned short cgid; /* creator group id */
- unsigned short uid; /* user id */
- unsigned short gid; /* group id */
- unsigned short mode; /* r/w permission */
+ uid_t cuid; /* creator user id */
+ gid_t cgid; /* creator group id */
+ uid_t uid; /* user id */
+ gid_t gid; /* group id */
+ mode_t mode; /* r/w permission */
unsigned short seq; /* sequence # (to generate unique ipcid) */
key_t key; /* user specified msg/sem/shm key */
};
More information about the freebsd-bugs
mailing list