misc/129855: ipcs integer overflow with UIDs bigger than 65535

Oleksandr Tymoshenko gonzo at bluezbox.com
Fri Dec 26 18:30:09 PST 2008


The following reply was made to PR bin/129855; it has been noted by GNATS.

From: Oleksandr Tymoshenko <gonzo at bluezbox.com>
To: Peter Keel <peter.keel at hostpoint.ch>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/129855: ipcs integer overflow with UIDs bigger than 65535
Date: Fri, 26 Dec 2008 17:53:33 -0800

 Peter Keel wrote:
 >> Number:         129855
 >> Category:       misc
 >> Synopsis:       ipcs integer overflow with UIDs bigger than 65535
 
 Try enclosed patch.
 Or http://people.freebsd.org/~gonzo/patches/081226.ipc.diff if GNATS
 will garble the patch.
 
 === sys/compat/freebsd32/freebsd32_ipc.h
 ==================================================================
 --- sys/compat/freebsd32/freebsd32_ipc.h	(revision 186495)
 +++ sys/compat/freebsd32/freebsd32_ipc.h	(local)
 @@ -30,10 +30,10 @@
   #define _COMPAT_FREEBSD32_FREEBSD32_IPC_H_
 
   struct ipc_perm32 {
 -	uint16_t	cuid;
 -	uint16_t	cgid;
 -	uint16_t	uid;
 -	uint16_t	gid;
 +	uint32_t	cuid;
 +	uint32_t	cgid;
 +	uint32_t	uid;
 +	uint32_t	gid;
   	uint16_t	mode;
   	uint16_t	seq;
   	uint32_t	key;
 === sys/sys/ipc.h
 ==================================================================
 --- sys/sys/ipc.h	(revision 186495)
 +++ sys/sys/ipc.h	(local)
 @@ -69,15 +69,12 @@
   #define	_UID_T_DECLARED
   #endif
 
 -/*
 - * XXX almost all members have wrong types.
 - */
   struct ipc_perm {
 -	unsigned short	cuid;	/* creator user id */
 -	unsigned short	cgid;	/* creator group id */
 -	unsigned short	uid;	/* user id */
 -	unsigned short	gid;	/* group id */
 -	unsigned short	mode;	/* r/w permission */
 +	uid_t		cuid;	/* creator user id */
 +	gid_t		cgid;	/* creator group id */
 +	uid_t		uid;	/* user id */
 +	gid_t		gid;	/* group id */
 +	mode_t		mode;	/* r/w permission */
   	unsigned short	seq;	/* sequence # (to generate unique ipcid) */
   	key_t		key;	/* user specified msg/sem/shm key */
   };


More information about the freebsd-bugs mailing list