PERFORCE change 59060 for review
David Xu
davidxu at FreeBSD.org
Fri Aug 6 21:30:20 PDT 2004
http://perforce.freebsd.org/chv.cgi?CH=59060
Change 59060 by davidxu at davidxu_alona on 2004/08/07 04:30:06
Make a copy of syscall parameters; syscalls that use set_mcontext can
sneakily change the parameters and cause the kernel to crash, a security risk.
Affected files ...
.. //depot/projects/davidxu_ksedbg/src/sys/amd64/amd64/trap.c#4 edit
Differences ...
==== //depot/projects/davidxu_ksedbg/src/sys/amd64/amd64/trap.c#4 (text+ko) ====
@@ -729,21 +729,17 @@
/*
* copyin and the ktrsyscall()/ktrsysret() code is MP-aware
*/
- if (narg <= regcnt) {
- argp = &frame.tf_rdi;
- argp += reg;
- error = 0;
- } else {
- KASSERT(narg <= sizeof(args) / sizeof(args[0]),
- ("Too many syscall arguments!"));
- KASSERT(params != NULL, ("copyin args with no params!"));
- argp = &frame.tf_rdi;
- argp += reg;
- bcopy(argp, args, sizeof(args[0]) * regcnt);
+ error = 0;
+ KASSERT(narg <= sizeof(args) / sizeof(args[0]),
+ ("Too many syscall arguments!"));
+ KASSERT(params != NULL, ("copyin args with no params!"));
+ argp = &frame.tf_rdi;
+ argp += reg;
+ bcopy(argp, args, sizeof(args[0]) * regcnt);
+ if (narg > regcnt)
error = copyin(params, &args[regcnt],
- (narg - regcnt) * sizeof(args[0]));
- argp = &args[0];
- }
+ (narg - regcnt) * sizeof(args[0]));
+ argp = &args[0];
#ifdef KTRACE
if (KTRPOINT(td, KTR_SYSCALL))
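Review bot: KASSERT(params != NULL, ("copyin args with no params!")) is now evaluated for every syscall, but params is only used by the copyin() under "if (narg > regcnt)". In the old code the assertion sat in the else branch, so it was checked only when arguments beyond the register set had to be fetched. If params can be NULL for a call whose arguments all fit in registers, a kernel built with assertions enabled will now panic on that call; moving the KASSERT under the narg > regcnt test keeps the old coverage. A short comment above the bcopy would also help, saying that the register arguments are always copied into args so that later changes to the trap frame (the set_mcontext case from the change description) cannot alter what the syscall sees; the existing comment only mentions copyin and ktrace being MP-aware.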