From d7d15131bb6bc124be068210e0f094ff30fe81a1 Mon Sep 17 00:00:00 2001 From: david Date: Wed, 27 Oct 2004 19:29:57 +0000 Subject: [PATCH] Bounds check syscall arguments where appropriate --- sys/compat/irix/irix_signal.c | 10 ++++++++-- sys/compat/irix/irix_swap.c | 5 +++-- sys/compat/osf1/osf1_signal.c | 13 ++++++++++--- sys/compat/svr4/svr4_filio.c | 6 ++++-- sys/compat/svr4/svr4_signal.c | 8 ++++---- sys/compat/svr4_32/svr4_32_filio.c | 6 ++++-- sys/compat/svr4_32/svr4_32_signal.c | 9 +++++---- sys/compat/ultrix/ultrix_misc.c | 6 +++--- 8 files changed, 41 insertions(+), 22 deletions(-) diff --git a/sys/compat/irix/irix_signal.c b/sys/compat/irix/irix_signal.c index e970d06c064c..15f929750aa2 100644 --- a/sys/compat/irix/irix_signal.c +++ b/sys/compat/irix/irix_signal.c @@ -1,4 +1,4 @@ -/* $NetBSD: irix_signal.c,v 1.28 2003/11/26 08:36:51 he Exp $ */ +/* $NetBSD: irix_signal.c,v 1.29 2004/10/27 19:29:57 david Exp $ */ /*- * Copyright (c) 1994, 2001-2002 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: irix_signal.c,v 1.28 2003/11/26 08:36:51 he Exp $"); +__KERNEL_RCSID(0, "$NetBSD: irix_signal.c,v 1.29 2004/10/27 19:29:57 david Exp $"); #include #include @@ -155,6 +155,10 @@ irix_signal_siginfo(isi, sig, code, addr) u_long code; caddr_t addr; { + if (sig < 0 || sig > SVR4_NSIG) { + isi->isi_errno = IRIX_EINVAL; + return; + } isi->isi_signo = native_to_svr4_signo[sig]; isi->isi_errno = 0; isi->isi_addr = (irix_app32_ptr_t)addr; @@ -1009,6 +1013,8 @@ irix_sys_sigaction(l, v, retval) * The signal trampoline is hence saved in the p_emuldata field * of struct proc, in an array (one element for each signal) */ + if (SCARG(uap, signum) < 0) + return(EINVAL); signum = svr4_to_native_signo[SCARG(uap, signum)]; ied = (struct irix_emuldata *)(p->p_emuldata); diff --git a/sys/compat/irix/irix_swap.c b/sys/compat/irix/irix_swap.c index 78c988f4d5e7..51a04938c69e 100644 --- a/sys/compat/irix/irix_swap.c +++ b/sys/compat/irix/irix_swap.c 
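Review bot: In irix_signal_siginfo (irix_signal.c, hunk at -155) the new guard `sig > SVR4_NSIG` still lets `sig == SVR4_NSIG` through to `native_to_svr4_signo[sig]`, which is one element past the end if that table has SVR4_NSIG entries. The table is indexed by a native signal number, so the limit should be the table's own size rather than the SVR4 constant, e.g. `if (sig < 0 || sig >= NSIG) {` if it is declared with NSIG entries; the declaration is outside this diff, so confirm it. The same inclusive comparison, `> OSF1_NSIG`, appears in the osf1_sys_kill, osf1_sys_sigaction and osf1_sys_signal hunks of osf1_signal.c, while the pre-existing test in osf1_sys_signal uses `>= OSF1_NSIG`. The early return also fills in only `isi_errno`, so any caller that copies `*isi` out to user space needs the structure zeroed first; whether callers do that is not visible here.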
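Review bot: The check added in irix_sys_sigaction (irix_signal.c, hunk at -1009) rejects only negative values, so a large `SCARG(uap, signum)` still indexes `svr4_to_native_signo[]` on the very next line. Unless an upper bound is enforced earlier in the function, which starts outside this hunk, the guard should cover both ends: `if (SCARG(uap, signum) < 0 || SCARG(uap, signum) >= SVR4_NSIG) return EINVAL;`, assuming the table has SVR4_NSIG entries. A short comment such as `/* signum comes straight from the emulated process */` would explain why the test sits directly in front of the lookup.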
@@ -1,4 +1,4 @@ -/* $NetBSD: irix_swap.c,v 1.11 2003/11/13 03:09:29 chs Exp $ */ +/* $NetBSD: irix_swap.c,v 1.12 2004/10/27 19:29:57 david Exp $ */ /*- * Copyright (c) 2002 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: irix_swap.c,v 1.11 2003/11/13 03:09:29 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: irix_swap.c,v 1.12 2004/10/27 19:29:57 david Exp $"); #include #include @@ -222,6 +222,7 @@ bad: default: printf("irix_sys_swapctl(): unsupported command %d\n", SCARG(uap, cmd)); + return EINVAL; break; } return 0; diff --git a/sys/compat/osf1/osf1_signal.c b/sys/compat/osf1/osf1_signal.c index 42b667a888be..95ea0bd49615 100644 --- a/sys/compat/osf1/osf1_signal.c +++ b/sys/compat/osf1/osf1_signal.c @@ -1,4 +1,4 @@ -/* $NetBSD: osf1_signal.c,v 1.23 2003/09/23 18:54:24 cl Exp $ */ +/* $NetBSD: osf1_signal.c,v 1.24 2004/10/27 19:29:57 david Exp $ */ /* * Copyright (c) 1999 Christopher G. Demetriou. All rights reserved. @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: osf1_signal.c,v 1.23 2003/09/23 18:54:24 cl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: osf1_signal.c,v 1.24 2004/10/27 19:29:57 david Exp $"); #include #include @@ -64,6 +64,8 @@ osf1_sys_kill(l, v, retval) struct osf1_sys_kill_args *uap = v; struct sys_kill_args ka; + if (SCARG(uap, signum) < 0 || SCARG(uap, signum) > OSF1_NSIG) + return EINVAL; SCARG(&ka, pid) = SCARG(uap, pid); SCARG(&ka, signum) = osf1_to_native_signo[SCARG(uap, signum)]; return sys_kill(l, &ka, retval); @@ -84,6 +86,8 @@ osf1_sys_sigaction(l, v, retval) caddr_t sg; int error; + if (SCARG(uap, signum) < 0 || SCARG(uap, signum) > OSF1_NSIG) + return EINVAL; sg = stackgap_init(p, 0); nosa = SCARG(uap, nsa); oosa = SCARG(uap, osa); 
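Review bot: In the `default:` arm of irix_sys_swapctl (irix_swap.c, hunk at -222) the added `return EINVAL;` leaves the following `break;` unreachable; drop the `break;` so the arm reads as a plain error exit. The `printf` just above it fires for every unknown `cmd` a process passes in, so it may be worth demoting to a debug-only message or rate-limiting it to keep the console log from being filled on demand.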
@@ -181,10 +185,13 @@ osf1_sys_signal(l, v, retval) { struct osf1_sys_signal_args *uap = v; struct proc *p = l->l_proc; - int signum = osf1_to_native_signo[OSF1_SIGNO(SCARG(uap, signum))]; + int signum; int error; caddr_t sg = stackgap_init(p, 0); + if (SCARG(uap, signum) < 0 || SCARG(uap, signum) > OSF1_NSIG) + return EINVAL; + signum = osf1_to_native_signo[OSF1_SIGNO(SCARG(uap, signum))]; if (signum <= 0 || signum >= OSF1_NSIG) { if (OSF1_SIGCALL(SCARG(uap, signum)) == OSF1_SIGNAL_MASK || OSF1_SIGCALL(SCARG(uap, signum)) == OSF1_SIGDEFER_MASK) diff --git a/sys/compat/svr4/svr4_filio.c b/sys/compat/svr4/svr4_filio.c index f4a2a165959e..92a3823e729c 100644 --- a/sys/compat/svr4/svr4_filio.c +++ b/sys/compat/svr4/svr4_filio.c @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_filio.c,v 1.12 2003/06/29 22:29:47 fvdl Exp $ */ +/* $NetBSD: svr4_filio.c,v 1.13 2004/10/27 19:29:57 david Exp $ */ /*- * Copyright (c) 1994 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_filio.c,v 1.12 2003/06/29 22:29:47 fvdl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_filio.c,v 1.13 2004/10/27 19:29:57 david Exp $"); #include #include @@ -85,6 +85,8 @@ svr4_fil_ioctl(fp, l, retval, fd, cmd, data) *retval = 0; + if ((fp = fd_getfile(fdp, fd)) == NULL) + return EBADF; switch (cmd) { case SVR4_FIOCLEX: fdp->fd_ofileflags[fd] |= UF_EXCLOSE; diff --git a/sys/compat/svr4/svr4_signal.c b/sys/compat/svr4/svr4_signal.c index f48d07b83380..219f2ca7ffff 100644 --- a/sys/compat/svr4/svr4_signal.c +++ b/sys/compat/svr4/svr4_signal.c @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_signal.c,v 1.49 2003/01/18 17:31:06 thorpej Exp $ */ +/* $NetBSD: svr4_signal.c,v 1.50 2004/10/27 19:29:57 david Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.49 2003/01/18 17:31:06 thorpej Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.50 2004/10/27 19:29:57 david Exp $"); #include #include 
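Review bot: In osf1_sys_signal (osf1_signal.c, hunk at -181) the new range check tests the raw `SCARG(uap, signum)`, but the table is indexed with `OSF1_SIGNO(SCARG(uap, signum))` and the code below dispatches on `OSF1_SIGCALL(SCARG(uap, signum))`. If the call selector is carried in bits above the signal number, as those two macros suggest, every request with a selector set is now rejected with EINVAL before the dispatch is reached. Applying the test to the extracted number keeps the bound and the index in agreement: `if (OSF1_SIGNO(SCARG(uap, signum)) >= OSF1_NSIG) return EINVAL;`. The macro definitions are outside this diff, so confirm the encoding before changing it.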
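Review bot: In svr4_fil_ioctl (svr4_filio.c, hunk at -85) the added `fd_getfile()` call overwrites the `fp` parameter the caller passed in, and its result is used only as a validity test before `fdp->fd_ofileflags[fd]` is indexed. If `fp` is read later in the function, which continues outside the hunk, it now points at an entry on which no reference is visibly taken here; if it is not read again, the assignment can go: `if (fd_getfile(fdp, fd) == NULL) return EBADF;`. A comment such as `/* validate fd before indexing fd_ofileflags[] */` would record why the lookup is there. The svr4_32_fil_ioctl hunk in svr4_32_filio.c adds the same two lines.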
@@ -234,7 +234,7 @@ svr4_sys_sigaction(l, v, retval) return (error); svr4_to_native_sigaction(&nssa, &nbsa); } - error = sigaction1(p, svr4_to_native_signo[SCARG(uap, signum)], + error = sigaction1(p, svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))], SCARG(uap, nsa) ? &nbsa : 0, SCARG(uap, osa) ? &obsa : 0, NULL, 0); if (error) @@ -478,7 +478,7 @@ svr4_sys_kill(l, v, retval) struct sys_kill_args ka; SCARG(&ka, pid) = SCARG(uap, pid); - SCARG(&ka, signum) = svr4_to_native_signo[SCARG(uap, signum)]; + SCARG(&ka, signum) = svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))]; return sys_kill(l, &ka, retval); } diff --git a/sys/compat/svr4_32/svr4_32_filio.c b/sys/compat/svr4_32/svr4_32_filio.c index 1c73f1376428..c09584463d89 100644 --- a/sys/compat/svr4_32/svr4_32_filio.c +++ b/sys/compat/svr4_32/svr4_32_filio.c @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_32_filio.c,v 1.6 2003/06/29 22:29:50 fvdl Exp $ */ +/* $NetBSD: svr4_32_filio.c,v 1.7 2004/10/27 19:29:57 david Exp $ */ /*- * Copyright (c) 1994 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_32_filio.c,v 1.6 2003/06/29 22:29:50 fvdl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_32_filio.c,v 1.7 2004/10/27 19:29:57 david Exp $"); #include #include @@ -84,6 +84,8 @@ svr4_32_fil_ioctl(fp, p, retval, fd, cmd, data) *retval = 0; + if ((fp = fd_getfile(fdp, fd)) == NULL) + return EBADF; switch (cmd) { case SVR4_FIOCLEX: fdp->fd_ofileflags[fd] |= UF_EXCLOSE; diff --git a/sys/compat/svr4_32/svr4_32_signal.c b/sys/compat/svr4_32/svr4_32_signal.c index 92e57ed8587c..3ec7e1975700 100644 --- a/sys/compat/svr4_32/svr4_32_signal.c +++ b/sys/compat/svr4_32/svr4_32_signal.c @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_32_signal.c,v 1.11 2003/10/21 09:02:50 petrov Exp $ */ +/* $NetBSD: svr4_32_signal.c,v 1.12 2004/10/27 19:29:57 david Exp $ */ /*- * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc. 
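Review bot: In svr4_sys_sigaction and svr4_sys_kill (svr4_signal.c, hunks at -234 and -478) the index is now masked with `SVR4_SIGNO()` instead of being range-checked, which bounds the lookup only if the mask cannot yield a value at or beyond the size of `svr4_to_native_signo[]`; neither the macro nor the table size is visible in this diff. Masking also turns an out-of-range signum into some other valid signal instead of an error, which for kill means delivering a signal the caller did not name. An explicit test in front of the lookup, `if (SCARG(uap, signum) < 0 || SCARG(uap, signum) >= SVR4_NSIG) return EINVAL;` (assuming the table has SVR4_NSIG entries), would match the EINVAL handling this commit adds for irix and osf1. The svr4_32_sys_sigaction and svr4_32_sys_kill hunks in svr4_32_signal.c make the same change.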
@@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.11 2003/10/21 09:02:50 petrov Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_32_signal.c,v 1.12 2004/10/27 19:29:57 david Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_svr4.h" @@ -369,7 +369,8 @@ svr4_32_sys_sigaction(l, v, retval) return (error); svr4_32_to_native_sigaction(&nssa, &nbsa); } - error = sigaction1(l->l_proc, svr4_to_native_signo[SCARG(uap, signum)], + error = sigaction1(l->l_proc, + svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))], SCARG(uap, nsa) ? &nbsa : 0, SCARG(uap, osa) ? &obsa : 0, NULL, 0); if (error) @@ -618,7 +619,7 @@ svr4_32_sys_kill(l, v, retval) struct sys_kill_args ka; SCARG(&ka, pid) = SCARG(uap, pid); - SCARG(&ka, signum) = svr4_to_native_signo[SCARG(uap, signum)]; + SCARG(&ka, signum) = svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))]; return sys_kill(l, &ka, retval); } diff --git a/sys/compat/ultrix/ultrix_misc.c b/sys/compat/ultrix/ultrix_misc.c index 407959260457..87e44122078b 100644 --- a/sys/compat/ultrix/ultrix_misc.c +++ b/sys/compat/ultrix/ultrix_misc.c @@ -1,4 +1,4 @@ -/* $NetBSD: ultrix_misc.c,v 1.94 2004/04/25 06:02:20 matt Exp $ */ +/* $NetBSD: ultrix_misc.c,v 1.95 2004/10/27 19:29:57 david Exp $ */ /* * Copyright (c) 1995, 1997 Jonathan Stone (hereinafter referred to as the author) @@ -76,7 +76,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ultrix_misc.c,v 1.94 2004/04/25 06:02:20 matt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ultrix_misc.c,v 1.95 2004/10/27 19:29:57 david Exp $"); #if defined(_KERNEL_OPT) #include "opt_nfsserver.h" @@ -539,7 +539,7 @@ ultrix_sys_cacheflush(struct lwp *l, void *v, register_t *retval) { struct ultrix_sys_cacheflush_args /* { syscallarg(void *) addr; - syscallarg(int) nbytes; + syscallarg(unsigned) nbytes; syscallarg(int) flag; } */ *uap = v; struct proc *p = l->l_proc;
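Review bot: The only change in ultrix_sys_cacheflush (ultrix_misc.c, hunk at -539) is inside the `/* { ... } */` comment that mirrors the argument structure, so `nbytes` keeps whatever type the real `struct ultrix_sys_cacheflush_args` declares. The diffstat lists no syscalls.master or generated argument header for ultrix, so unless the type was changed separately a negative `nbytes` can still reach the body, which lies outside this hunk. Either change the type at its definition in the same commit or add an explicit test where `nbytes` is first used, e.g. `if (SCARG(uap, nbytes) < 0) return EINVAL;`.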