Validate gate targets.

Fix by myself and Charles Hannum.
This commit is contained in:
sommerfeld 2001-01-16 23:32:21 +00:00
parent f64af41401
commit e8d906afaa

View File

@ -1,4 +1,4 @@
/* $NetBSD: sys_machdep.c,v 1.54 2001/01/16 01:50:36 mycroft Exp $ */
/* $NetBSD: sys_machdep.c,v 1.55 2001/01/16 23:32:21 sommerfeld Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@ -222,6 +222,17 @@ i386_set_ldt(p, args, retval)
break;
case SDT_SYS286CGT:
case SDT_SYS386CGT:
/*
* Only allow call gates targeting a segment
* in the LDT or a user segment in the fixed
* part of the gdt. Segments in the LDT are
* constrained (below) to be user segments.
*/
if (desc.gd.gd_p != 0 && !ISLDT(desc.gd.gd_selector) &&
((IDXSEL(desc.gd.gd_selector) >= NGDT) ||
(gdt[IDXSEL(desc.gd.gd_selector)].sd.sd_dpl !=
SEL_UPL)))
return (EACCES);
/* Can't replace in use descriptor with gate. */
if (n == fsslot || n == gsslot)
return (EBUSY);