Validate gate targets.
Fix by myself and Charles Hannum.
parent
f64af41401
commit
e8d906afaa
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: sys_machdep.c,v 1.54 2001/01/16 01:50:36 mycroft Exp $ */
|
||||
/* $NetBSD: sys_machdep.c,v 1.55 2001/01/16 23:32:21 sommerfeld Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1998 The NetBSD Foundation, Inc.
|
||||
@ -222,6 +222,17 @@ i386_set_ldt(p, args, retval)
|
||||
break;
|
||||
case SDT_SYS286CGT:
|
||||
case SDT_SYS386CGT:
|
||||
/*
|
||||
* Only allow call gates targeting a segment
|
||||
* in the LDT or a user segment in the fixed
|
||||
* part of the gdt. Segments in the LDT are
|
||||
* constrained (below) to be user segments.
|
||||
*/
|
||||
if (desc.gd.gd_p != 0 && !ISLDT(desc.gd.gd_selector) &&
|
||||
((IDXSEL(desc.gd.gd_selector) >= NGDT) ||
|
||||
(gdt[IDXSEL(desc.gd.gd_selector)].sd.sd_dpl !=
|
||||
SEL_UPL)))
|
||||
return (EACCES);
|
||||
/* Can't replace in use descriptor with gate. */
|
||||
if (n == fsslot || n == gsslot)
|
||||
return (EBUSY);
|
||||
|
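Review bot: The new test in the `SDT_SYS286CGT`/`SDT_SYS386CGT` case is skipped whenever `desc.gd.gd_p` is 0, and for a GDT target it looks only at `sd_dpl`; the comment above it explains neither choice. Presumably a not-present gate is harmless because it faults on use, and the CPU itself refuses a gate whose target is not a code segment, but someone auditing this privilege boundary should not have to infer that. If that is the reasoning, I would extend the comment with a line such as `* Not-present gates are not checked; they fault on use.` and a second one saying that only the DPL of a GDT target is tested because the type is left to the hardware. The statement that LDT targets are "constrained (below)" rests on code outside this hunk, as does the rest of the switch in `i386_set_ldt`, so it is worth confirming that every path that stores a descriptor into the LDT passes through that constraint.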