From 6925a27fb35df55fe111e7b5d114c6df709b282c Mon Sep 17 00:00:00 2001
From: thorpej <thorpej@NetBSD.org>
Date: Wed, 29 Apr 2020 01:53:48 +0000
Subject: [PATCH] Sanitize the pid and lid arguments passed to
 do_sched_getparam() and sys__sched_getaffinity() now that -1 as the pid
 argument to lwp_find2() means "wildcard proc".

---
 sys/kern/sys_sched.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sys/kern/sys_sched.c b/sys/kern/sys_sched.c
index 765ee6b0c63b..7c2da15d589d 100644
--- a/sys/kern/sys_sched.c
+++ b/sys/kern/sys_sched.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_sched.c,v 1.47 2020/01/27 22:05:10 ad Exp $	*/
+/*	$NetBSD: sys_sched.c,v 1.48 2020/04/29 01:53:48 thorpej Exp $	*/
 
 /*
  * Copyright (c) 2008, 2011 Mindaugas Rasiukevicius <rmind at NetBSD org>
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_sched.c,v 1.47 2020/01/27 22:05:10 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_sched.c,v 1.48 2020/04/29 01:53:48 thorpej Exp $");
 
 #include <sys/param.h>
 
@@ -231,6 +231,9 @@ do_sched_getparam(pid_t pid, lwpid_t lid, int *policy,
 	struct lwp *t;
 	int error, lpolicy;
 
+	if (pid < 0 || lid < 0)
+		return EINVAL;
+
 	t = lwp_find2(pid, lid); /* acquire p_lock */
 	if (t == NULL)
 		return ESRCH;
@@ -498,6 +501,9 @@ sys__sched_getaffinity(struct lwp *l,
 	kcpuset_t *kcset;
 	int error;
 
+	if (SCARG(uap, pid) < 0 || SCARG(uap, lid) < 0)
+		return EINVAL;
+
 	error = genkcpuset(&kcset, SCARG(uap, cpuset), SCARG(uap, size));
 	if (error)
 		return error;