FreeBSD Kernel buffer overflow

[gerarra at tin.it]

>-- Messaggio originale --
>Date: Sat, 18 Sep 2004 11:02:27 +0200
>From: Pawel Jakub Dawidek <pjd at FreeBSD.org>
>To: Giorgos Keramidas <keramida at freebsd.org>
>Cc: freebsd-hackers at freebsd.org
>Cc: gerarra at tin.it
>Subject: Re: FreeBSD Kernel buffer overflow
>
>
>On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
>+> % +#ifdef INVARIANTS
>+> % +       KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall
>args"));
>+> % +#endif
>
>Maybe:
>KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
>    ("invalid number of syscall args"));
>
>So if we decide to increase/decrease it someday, we don't have to remember
>about this KASSERT().

Maybe better:

#define ARGS_MAGIC   8

...

int args[ARGS_MAGIC];
....

#ifdef INVARIANTS
KASSERT(0 <= narg && narg <= ARGS_MAGIC, ("invalid number of syscall args"));
#endif

(preprocession work)


rookie