diff options
Diffstat (limited to 'share/security/patches/SA-03:17/procfs43.patch')
| -rw-r--r-- | share/security/patches/SA-03:17/procfs43.patch | 543 |
1 files changed, 0 insertions, 543 deletions
diff --git a/share/security/patches/SA-03:17/procfs43.patch b/share/security/patches/SA-03:17/procfs43.patch deleted file mode 100644 index d386f146ae..0000000000 --- a/share/security/patches/SA-03:17/procfs43.patch +++ /dev/null @@ -1,543 +0,0 @@ -Index: sys/i386/linux/linprocfs/linprocfs_misc.c -=================================================================== -RCS file: /home/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_misc.c,v -retrieving revision 1.3.2.5 -diff -p -c -r1.3.2.5 linprocfs_misc.c -*** sys/i386/linux/linprocfs/linprocfs_misc.c 7 Dec 2000 13:17:55 -0000 1.3.2.5 ---- sys/i386/linux/linprocfs/linprocfs_misc.c 3 Oct 2003 12:45:02 -0000 -*************** linprocfs_domeminfo(curp, p, pfs, uio) -*** 85,91 **** - struct uio *uio; - { - char *ps; -- int xlen; - char psbuf[512]; /* XXX - conservative */ - unsigned long memtotal; /* total memory in bytes */ - unsigned long memused; /* used memory in bytes */ ---- 85,90 ---- -*************** linprocfs_domeminfo(curp, p, pfs, uio) -*** 156,166 **** - B2K(memshared), B2K(buffers), B2K(cached), - B2K(swaptotal), B2K(swapfree)); - -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } - - int ---- 155,161 ---- - B2K(memshared), B2K(buffers), B2K(cached), - B2K(swaptotal), B2K(swapfree)); - -! return (uiomove_frombuf(psbuf, ps - psbuf, uio)); - } - - int -*************** linprocfs_docpuinfo(curp, p, pfs, uio) -*** 171,177 **** - struct uio *uio; - { - char *ps; -- int xlen; - char psbuf[512]; /* XXX - conservative */ - int class; - int i; ---- 166,171 ---- -*************** linprocfs_docpuinfo(curp, p, pfs, uio) -*** 248,259 **** - (tsc_freq + 4999) / 1000000, - ((tsc_freq + 4999) / 10000) % 100); - } -! -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } - - int ---- 242,248 ---- - (tsc_freq + 4999) / 1000000, - ((tsc_freq + 4999) / 10000) % 100); - } -! return (uiomove_frombuf(psbuf, ps - psbuf, uio)); - } - - int -*************** linprocfs_dostat(curp, p, pfs, uio) -*** 265,271 **** - { - char *ps; - char psbuf[512]; -- int xlen; - - ps = psbuf; - ps += sprintf(ps, ---- 254,259 ---- -*************** linprocfs_dostat(curp, p, pfs, uio) -*** 287,297 **** - cnt.v_intr, - cnt.v_swtch, - boottime.tv_sec); -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } - - int ---- 275,281 ---- - cnt.v_intr, - cnt.v_swtch, - boottime.tv_sec); -! return (uiomove_frombuf(psbuf, ps - psbuf, uio)); - } - - int -*************** linprocfs_douptime(curp, p, pfs, uio) -*** 302,308 **** - struct uio *uio; - { - char *ps; -- int xlen; - char psbuf[64]; - struct timeval tv; - ---- 286,291 ---- -*************** linprocfs_douptime(curp, p, pfs, uio) -*** 311,321 **** - ps += sprintf(ps, "%ld.%02ld %ld.%02ld\n", - tv.tv_sec, tv.tv_usec / 10000, - T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100); -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } - - int ---- 294,300 ---- - ps += sprintf(ps, "%ld.%02ld %ld.%02ld\n", - tv.tv_sec, tv.tv_usec / 10000, - T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100); -! return (uiomove_frombuf(psbuf, ps - psbuf, uio)); - } - - int -*************** linprocfs_doversion(curp, p, pfs, uio) -*** 332,341 **** - for (xlen = 0; ps[xlen] != '\n'; ++xlen) - /* nothing */ ; - ++xlen; -! xlen -= uio->uio_offset; -! ps += uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } - - int ---- 311,317 ---- - for (xlen = 0; ps[xlen] != '\n'; ++xlen) - /* nothing */ ; - ++xlen; -! return (uiomove_frombuf(ps, xlen, uio)); - } - - int -*************** linprocfs_doprocstat(curp, p, pfs, uio) -*** 346,352 **** - struct uio *uio; - { - char *ps, psbuf[1024]; -- int xlen; - - ps = psbuf; - ps += sprintf(ps, "%d", p->p_pid); ---- 322,327 ---- -*************** linprocfs_doprocstat(curp, p, pfs, uio) -*** 388,398 **** - #undef PS_ADD - ps += sprintf(ps, "\n"); - -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } - - /* ---- 363,369 ---- - #undef PS_ADD - ps += sprintf(ps, "\n"); - -! return (uiomove_frombuf(psbuf, ps - psbuf, uio)); - } - - /* -*************** linprocfs_doprocstatus(curp, p, pfs, uio -*** 419,425 **** - { - char *ps, psbuf[1024]; - char *state; -! int i, xlen; - - ps = psbuf; - ---- 390,396 ---- - { - char *ps, psbuf[1024]; - char *state; -! int i; - - ps = psbuf; - -*************** linprocfs_doprocstatus(curp, p, pfs, uio -*** 490,498 **** - PS_ADD(ps, "CapEff:\t%016x\n", 0); - #undef PS_ADD - -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio)); - } ---- 461,465 ---- - PS_ADD(ps, "CapEff:\t%016x\n", 0); - #undef PS_ADD - -! return (uiomove_frombuf(psbuf, ps - psbuf, uio)); - } -Index: sys/kern/kern_subr.c -=================================================================== -RCS file: /home/ncvs/src/sys/kern/kern_subr.c,v -retrieving revision 1.31 -diff -p -c -r1.31 kern_subr.c -*** sys/kern/kern_subr.c 29 Oct 1999 18:08:51 -0000 1.31 ---- sys/kern/kern_subr.c 3 Oct 2003 12:45:02 -0000 -*************** -*** 47,52 **** ---- 47,53 ---- - #include <sys/lock.h> - #include <sys/resourcevar.h> - #include <sys/vnode.h> -+ #include <machine/limits.h> - - #include <vm/vm.h> - #include <vm/vm_page.h> -*************** uiomove(cp, n, uio) -*** 119,124 **** ---- 120,147 ---- - if (curproc) - curproc->p_flag = (curproc->p_flag & ~P_DEADLKTREAT) | save; - return (error); -+ } -+ -+ /* -+ * Wrapper for uiomove() that validates the arguments against a known-good -+ * kernel buffer. Currently, uiomove accepts a signed (n) argument, which -+ * is almost definitely a bad thing, so we catch that here as well. We -+ * return a runtime failure, but it might be desirable to generate a runtime -+ * assertion failure instead. -+ */ -+ int -+ uiomove_frombuf(void *buf, int buflen, struct uio *uio) -+ { -+ unsigned int offset, n; -+ -+ if (uio->uio_offset < 0 || uio->uio_resid < 0 || -+ (offset = uio->uio_offset) != uio->uio_offset) -+ return (EINVAL); -+ if (buflen <= 0 || offset >= buflen) -+ return (0); -+ if ((n = buflen - offset) > INT_MAX) -+ return (EINVAL); -+ return (uiomove((char *)buf + offset, n, uio)); - } - - int -Index: sys/miscfs/procfs/procfs_dbregs.c -=================================================================== -RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_dbregs.c,v -retrieving revision 1.4.2.1.2.1 -diff -p -c -r1.4.2.1.2.1 procfs_dbregs.c -*** sys/miscfs/procfs/procfs_dbregs.c 23 Jan 2002 23:05:54 -0000 1.4.2.1.2.1 ---- sys/miscfs/procfs/procfs_dbregs.c 3 Oct 2003 12:45:02 -0000 -*************** procfs_dodbregs(curp, p, pfs, uio) -*** 59,88 **** - { - int error; - struct dbreg r; -- char *kv; -- int kl; - - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; - if (!CHECKIO(curp, p) || p_trespass(curp, p)) - return (EPERM); -- kl = sizeof(r); -- kv = (char *) &r; -- -- kv += uio->uio_offset; -- kl -= uio->uio_offset; -- if (kl > uio->uio_resid) -- kl = uio->uio_resid; - - PHOLD(p); -! -! if (kl < 0) -! error = EINVAL; -! else -! error = procfs_read_dbregs(p, &r); - if (error == 0) -! error = uiomove(kv, kl, uio); - if (error == 0 && uio->uio_rw == UIO_WRITE) { - if (p->p_stat != SSTOP) - error = EBUSY; ---- 59,75 ---- - { - int error; - struct dbreg r; - - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; - if (!CHECKIO(curp, p) || p_trespass(curp, p)) - return (EPERM); - - PHOLD(p); -! error = procfs_read_dbregs(p, &r); - if (error == 0) -! error = uiomove_frombuf(&r, sizeof(r), uio); - if (error == 0 && uio->uio_rw == UIO_WRITE) { - if (p->p_stat != SSTOP) - error = EBUSY; -Index: sys/miscfs/procfs/procfs_fpregs.c -=================================================================== -RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_fpregs.c,v -retrieving revision 1.11.2.1.2.1 -diff -p -c -r1.11.2.1.2.1 procfs_fpregs.c -*** sys/miscfs/procfs/procfs_fpregs.c 23 Jan 2002 23:05:54 -0000 1.11.2.1.2.1 ---- sys/miscfs/procfs/procfs_fpregs.c 3 Oct 2003 12:45:02 -0000 -*************** procfs_dofpregs(curp, p, pfs, uio) -*** 56,85 **** - { - int error; - struct fpreg r; -- char *kv; -- int kl; - - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; - if (!CHECKIO(curp, p) || p_trespass(curp, p)) - return EPERM; -- kl = sizeof(r); -- kv = (char *) &r; -- -- kv += uio->uio_offset; -- kl -= uio->uio_offset; -- if (kl > uio->uio_resid) -- kl = uio->uio_resid; - - PHOLD(p); - -! if (kl < 0) -! error = EINVAL; -! else -! error = procfs_read_fpregs(p, &r); - if (error == 0) -! error = uiomove(kv, kl, uio); - if (error == 0 && uio->uio_rw == UIO_WRITE) { - if (p->p_stat != SSTOP) - error = EBUSY; ---- 56,73 ---- - { - int error; - struct fpreg r; - - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; - if (!CHECKIO(curp, p) || p_trespass(curp, p)) - return EPERM; - - PHOLD(p); - -! error = procfs_read_fpregs(p, &r); - if (error == 0) -! error = uiomove_frombuf(&r, sizeof(r), uio); - if (error == 0 && uio->uio_rw == UIO_WRITE) { - if (p->p_stat != SSTOP) - error = EBUSY; -Index: sys/miscfs/procfs/procfs_regs.c -=================================================================== -RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_regs.c,v -retrieving revision 1.10.2.1.2.1 -diff -p -c -r1.10.2.1.2.1 procfs_regs.c -*** sys/miscfs/procfs/procfs_regs.c 23 Jan 2002 23:05:54 -0000 1.10.2.1.2.1 ---- sys/miscfs/procfs/procfs_regs.c 3 Oct 2003 12:45:02 -0000 -*************** procfs_doregs(curp, p, pfs, uio) -*** 65,86 **** - return EAGAIN; - if (!CHECKIO(curp, p) || p_trespass(curp, p)) - return EPERM; -- kl = sizeof(r); -- kv = (char *) &r; -- -- kv += uio->uio_offset; -- kl -= uio->uio_offset; -- if (kl > uio->uio_resid) -- kl = uio->uio_resid; - - PHOLD(p); - -! if (kl < 0) -! error = EINVAL; -! else -! error = procfs_read_regs(p, &r); - if (error == 0) -! error = uiomove(kv, kl, uio); - if (error == 0 && uio->uio_rw == UIO_WRITE) { - if (p->p_stat != SSTOP) - error = EBUSY; ---- 65,76 ---- - return EAGAIN; - if (!CHECKIO(curp, p) || p_trespass(curp, p)) - return EPERM; - - PHOLD(p); - -! error = procfs_read_regs(p, &r); - if (error == 0) -! error = uiomove_frombuf(&r, sizeof(r), uio); - if (error == 0 && uio->uio_rw == UIO_WRITE) { - if (p->p_stat != SSTOP) - error = EBUSY; -Index: sys/miscfs/procfs/procfs_rlimit.c -=================================================================== -RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_rlimit.c,v -retrieving revision 1.5 -diff -p -c -r1.5 procfs_rlimit.c -*** sys/miscfs/procfs/procfs_rlimit.c 8 Dec 1999 08:59:37 -0000 1.5 ---- sys/miscfs/procfs/procfs_rlimit.c 3 Oct 2003 12:45:02 -0000 -*************** procfs_dorlimit(curp, p, pfs, uio) -*** 64,70 **** - { - char *ps; - int i; -- int xlen; - int error; - char psbuf[512]; /* XXX - conservative */ - ---- 64,69 ---- -*************** procfs_dorlimit(curp, p, pfs, uio) -*** 109,128 **** - } - } - -! /* -! * This logic is rather tasty - but its from procfs_status.c, so -! * I guess I'll use it here. -! */ -! -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! if (xlen <= 0) -! error = 0; -! else -! error = uiomove(ps, xlen, uio); -! - return (error); - } - ---- 108,114 ---- - } - } - -! error = uiomove_frombuf(psbuf, ps - psbuf, uio); - return (error); - } - -Index: sys/miscfs/procfs/procfs_status.c -=================================================================== -RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_status.c,v -retrieving revision 1.20.2.3.2.1 -diff -p -c -r1.20.2.3.2.1 procfs_status.c -*** sys/miscfs/procfs/procfs_status.c 23 Jan 2002 23:05:54 -0000 1.20.2.3.2.1 ---- sys/miscfs/procfs/procfs_status.c 3 Oct 2003 12:45:02 -0000 -*************** procfs_dostatus(curp, p, pfs, uio) -*** 166,180 **** - ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n"); - DOCHECK(); - -! xlen = ps - psbuf; -! xlen -= uio->uio_offset; -! ps = psbuf + uio->uio_offset; -! xlen = imin(xlen, uio->uio_resid); -! if (xlen <= 0) -! error = 0; -! else -! error = uiomove(ps, xlen, uio); -! - return (error); - - bailout: ---- 166,172 ---- - ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n"); - DOCHECK(); - -! error = uiomove_frombuf(psbuf, ps - psbuf, uio); - return (error); - - bailout: -*************** procfs_docmdline(curp, p, pfs, uio) -*** 246,258 **** - buflen = ps - buf; - } - -! buflen -= uio->uio_offset; -! ps = bp + uio->uio_offset; -! xlen = min(buflen, uio->uio_resid); -! if (xlen <= 0) -! error = 0; -! else -! error = uiomove(ps, xlen, uio); - if (buf) - FREE(buf, M_TEMP); - return (error); ---- 238,244 ---- - buflen = ps - buf; - } - -! error = uiomove_frombuf(bp, buflen, uio); - if (buf) - FREE(buf, M_TEMP); - return (error); -Index: sys/sys/uio.h -=================================================================== -RCS file: /home/ncvs/src/sys/sys/uio.h,v -retrieving revision 1.11 -diff -p -c -r1.11 uio.h -*** sys/sys/uio.h 29 Dec 1999 04:24:49 -0000 1.11 ---- sys/sys/uio.h 3 Oct 2003 12:45:02 -0000 -*************** struct uio { -*** 77,82 **** ---- 77,83 ---- - struct vm_object; - - int uiomove __P((caddr_t, int, struct uio *)); -+ int uiomove_frombuf __P((void *buf, int buflen, struct uio *uio)); - int uiomoveco __P((caddr_t, int, struct uio *, struct vm_object *)); - int uioread __P((int, struct uio *, struct vm_object *, int *)); - |