path: root/website/static/security/patches/SA-03:09/signal50.patch
Index: sys/i386/isa/spigot.c
===================================================================
RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
retrieving revision 1.55
diff -c -r1.55 spigot.c
*** sys/i386/isa/spigot.c	1 Apr 2002 21:30:42 -0000	1.55
--- sys/i386/isa/spigot.c	10 Aug 2003 23:16:30 -0000
***************
*** 227,232 ****
--- 227,234 ----
  	if(!data) return(EINVAL);
  	switch(cmd){
  	case	SPIGOT_SETINT:
+ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ 			return EINVAL;
  		ss->p = td->td_proc;
  		ss->signal_num = *((int *)data);
  		break;
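Review bot: The new bound in the SPIGOT_SETINT case accepts 0, while the same patch makes psignal() panic on any value that fails _SIG_VALID, so a stored signal_num of 0 must never be handed to psignal(). The delivery path is outside this hunk; if it does not already skip the call when signal_num is 0 (and _SIG_VALID rejects 0, as seems likely), the lower bound here should be `<= 0` instead of `< 0`. A comment such as `/* 0 disables notification; 1.._SIG_MAXSIG are deliverable */` would record the intent either way. Reading the value once with `int sig = *(int *)data;` would also let the check and the store use the same variable instead of dereferencing data three times.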
Index: sys/kern/kern_sig.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v
retrieving revision 1.197
diff -c -r1.197 kern_sig.c
*** sys/kern/kern_sig.c	25 Oct 2002 19:10:57 -0000	1.197
--- sys/kern/kern_sig.c	10 Aug 2003 23:16:32 -0000
***************
*** 1343,1351 ****
  	struct thread *td;
  	register int prop;
  
! 
! 	KASSERT(_SIG_VALID(sig),
! 	    ("psignal(): invalid signal %d\n", sig));
  
  	PROC_LOCK_ASSERT(p, MA_OWNED);
  	KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
--- 1343,1350 ----
  	struct thread *td;
  	register int prop;
  
! 	if (!_SIG_VALID(sig))
! 	    panic("psignal(): invalid signal");
  
  	PROC_LOCK_ASSERT(p, MA_OWNED);
  	KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
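Review bot: The unconditional panic() drops the signal number that the old KASSERT message printed, which makes it harder to tell from a crash report which caller passed the bad value; `panic("psignal(): invalid signal %d", sig);` keeps it. Because the check now fires in every kernel build rather than only with assertions enabled, any caller that forwards an unvalidated number becomes a way to halt the machine, so a short comment above the test stating that callers must range-check before calling psignal() would be worth adding. The body of psignal() starts and ends outside this hunk.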
Index: sys/kern/sys_process.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
retrieving revision 1.104
diff -c -r1.104 sys_process.c
*** sys/kern/sys_process.c	16 Oct 2002 16:28:33 -0000	1.104
--- sys/kern/sys_process.c	10 Aug 2003 23:16:32 -0000
***************
*** 547,554 ****
  	case PT_STEP:
  	case PT_CONTINUE:
  	case PT_DETACH:
! 		/* XXX data is used even in the PT_STEP case. */
! 		if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
  			error = EINVAL;
  			goto fail;
  		}
--- 547,554 ----
  	case PT_STEP:
  	case PT_CONTINUE:
  	case PT_DETACH:
! 		/* Zero means do not send any signal */
! 		if (data < 0 || data > _SIG_MAXSIG) {
  			error = EINVAL;
  			goto fail;
  		}
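Review bot: The replacement comment does not say that the range check now deliberately covers PT_STEP, which the old condition excluded with `req != PT_STEP` even though the removed XXX comment noted that data is used in that case too. A later reader could take the missing exemption for an oversight and restore it, so I would write `/* data is a signal number for all three requests, PT_STEP included; 0 means send no signal */`. The enclosing switch and the declaration of data are outside the hunk.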