svn commit: r307936 - head/sys/amd64/amd64
Konstantin Belousov
kostikbel at gmail.com
Wed Oct 26 13:25:59 UTC 2016
On Tue, Oct 25, 2016 at 09:26:00PM +0200, Tijl Coosemans wrote:
> On Tue, 25 Oct 2016 17:13:46 +0000 (UTC) Gleb Smirnoff <glebius at FreeBSD.org> wrote:
> > Author: glebius
> > Date: Tue Oct 25 17:13:46 2016
> > New Revision: 307936
> > URL: https://svnweb.freebsd.org/changeset/base/307936
> >
> > Log:
> > The argument validation in r296956 was not enough to close all possible
> > overflows in sysarch(2).
> >
> > Submitted by: Kun Yang <kun.yang chaitin.com>
> > Patch by: kib
> > Security: SA-16:15
> >
> > Modified:
> > head/sys/amd64/amd64/sys_machdep.c
>
> This patch and r296956 need to be applied to i386 too, don't they?
I do not think so. The amd64 bug is that I thought that the overflow
checks were not needed, which appeared to be not true.
i386_set_ldt(), which is the i386 version of amd64_set_ldt(), already
contained the comparisons of largest_ld with pldt->ldt_len etc.
Still, an independent look at the i386 (and amd64 version as well) is more
than welcome, so please read the code yourself.