From b1af2cb9b95b653da60d54d0e71f85adf9d1f4c3 Mon Sep 17 00:00:00 2001
From: drochner
Date: Wed, 8 Nov 2006 20:18:32 +0000
Subject: [PATCH] -SUS says that a successful call to setcontext(2) does not return. This implies that _UC_CPU must be set in the context passed. Check for this and return EINVAL if not; this gives a cheap test for corrupted ucontexts eg on a signal handler stack which would go unnoticed otherwise. -Don't ckeck for NULL ucontext pointers explicitely. This is an error, except in the swapcontext() case where it can be easily caught in userland.
---
 sys/compat/netbsd32/netbsd32_signal.c | 15 +++++++++------
 sys/kern/kern_sig.c | 15 +++++++++------
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/sys/compat/netbsd32/netbsd32_signal.c b/sys/compat/netbsd32/netbsd32_signal.c
index 5a4d3c4758b9..7d82f4c5e775 100644
--- a/sys/compat/netbsd32/netbsd32_signal.c
+++ b/sys/compat/netbsd32/netbsd32_signal.c
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_signal.c,v 1.17 2006/03/15 09:09:47 cube Exp $ */
+/* $NetBSD: netbsd32_signal.c,v 1.18 2006/11/08 20:18:32 drochner Exp $ */
 /*
 * Copyright (c) 1998, 2001 Matthew R. Green
@@ -29,7 +29,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_signal.c,v 1.17 2006/03/15 09:09:47 cube Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_signal.c,v 1.18 2006/11/08 20:18:32 drochner Exp $");
 #include
 #include
@@ -399,10 +399,13 @@ netbsd32_setcontext(struct lwp *l, void *v, register_t *retval)
 void *p;
 p = NETBSD32PTR64(SCARG(uap, ucp));
- if (p == NULL)
- exit1(l, W_EXITCODE(0, 0));
- else if ((error = copyin(p, &uc, sizeof (uc))) != 0 ||
- (error = setucontext32(l, &uc)) != 0)
+ error = copyin(p, &uc, sizeof (uc));
+ if (error)
+ return (error);
+ if (!(uc.uc_flags & _UC_CPU))
+ return (EINVAL);
+ error = setucontext32(l, &uc);
+ if (error)
 return (error);
 return (EJUSTRETURN);
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index fac6009c02cc..dd5e0e75dd23 100644
--- a/sys/kern/kern_sig.c
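Review bot: The new `_UC_CPU` test in netbsd32_setcontext compares the 32-bit `uc.uc_flags` word against the native `_UC_CPU` macro, which is only right if the flag has the same bit value in the 32-bit ABI; the hunk does not show which header defines it, so that should be confirmed or a compat-specific constant used. The check is also only a plausibility test on a word the caller fully controls, not a validation of the register image, so `setucontext32` still has to reject privileged state on its own. A comment at the check would stop the next reader from treating it as the security boundary, e.g. `/* SUS: a successful setcontext never returns, so _UC_CPU must be set; a missing flag means a garbage/corrupted context. Register validation is still done in setucontext32(). */`. With the exit1 path gone, a zero 32-bit `ucp` becomes NULL via NETBSD32PTR64 and now fails in copyin with EFAULT instead of terminating the process; netbsd32_setcontext begins before the hunk.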
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_sig.c,v 1.238 2006/11/03 19:46:03 ad Exp $ */
+/* $NetBSD: kern_sig.c,v 1.239 2006/11/08 20:18:33 drochner Exp $ */
 /*
 * Copyright (c) 1982, 1986, 1989, 1991, 1993
@@ -37,7 +37,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.238 2006/11/03 19:46:03 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sig.c,v 1.239 2006/11/08 20:18:33 drochner Exp $");
 #include "opt_coredump.h"
 #include "opt_ktrace.h"
@@ -2382,10 +2382,13 @@ sys_setcontext(struct lwp *l, void *v, register_t *retval)
 ucontext_t uc;
 int error;
- if (SCARG(uap, ucp) == NULL) /* i.e. end of uc_link chain */
- exit1(l, W_EXITCODE(0, 0));
- else if ((error = copyin(SCARG(uap, ucp), &uc, sizeof (uc))) != 0 ||
- (error = setucontext(l, &uc)) != 0)
+ error = copyin(SCARG(uap, ucp), &uc, sizeof (uc));
+ if (error)
+ return (error);
+ if (!(uc.uc_flags & _UC_CPU))
+ return (EINVAL);
+ error = setucontext(l, &uc);
+ if (error)
 return (error);
 return (EJUSTRETURN);
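Review bot: The `_UC_CPU` check in sys_setcontext reads a flags word that the caller supplies, so it can only catch corrupted or zeroed contexts, never a deliberately forged one; the real protection against user-supplied privileged register state has to remain in `setucontext`/`cpu_setmcontext`, which the hunk does not show. That is worth stating at the check so it is not mistaken for the validation, e.g. `/* _UC_CPU is mandatory (a successful setcontext never returns); its absence means a bogus context. setucontext() still validates the register image itself. */`. Dropping the `/* i.e. end of uc_link chain */` exit path means a NULL `ucp` now returns EFAULT from copyin rather than exiting the process, a visible ABI change that setcontext(2) should document if it does not already. sys_setcontext begins before the hunk.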