Diffusion FreeBSD src repository 8a4d2b06c70b

Bounds check the length parameter to i386_set_ldt() before passing it
8a4d2b06c70b
Actions

Edit Commit
Download Raw Diff
Edit Related Objects...
Edit Revisions
Mute Notifications
Flag For Later
Award Token

Description

Bounds check the length parameter to i386_set_ldt() before passing it
to kmem_alloc(). Failure to do this made it possible for user
processes to cause a hard lock on i386 kernels. I believe this only
affects 6-CURRENT on or after 2005-01-26.

Found by: Coverity Prevent analysis tool
Security: Local DOS

Details

Provenance

David Schultz <das@FreeBSD.org>

Authored on Mar 23 2005, 8:28 AM

Parents

rGaa675b572f72: Reject packets larger than IP_MAXPACKET in linux_sendto() for sockets

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (1)

Path

Size

sys/

i386/

sys_machdep.c

rG8a4d2b06c70b

View Options

sys/i386/i386/sys_machdep.c