Author: kevans
Date: Sat Nov 7 04:10:23 2020
New Revision: 367442
URL: https://svnweb.freebsd.org/changeset/base/367442
Log:
imgact_binmisc: validate flags coming from userland
We may want to reserve bits in the future for kernel-only use, so start
rejecting any that aren't the two that we're currently expecting from
userland.
MFC after: 1 week
Modified:
head/sys/kern/imgact_binmisc.c
head/sys/sys/imgact_binmisc.h
Modified: head/sys/kern/imgact_binmisc.c
==============================================================================
--- head/sys/kern/imgact_binmisc.c Sat Nov 7 03:43:45 2020
(r367441)
+++ head/sys/kern/imgact_binmisc.c Sat Nov 7 04:10:23 2020
(r367442)
@@ -434,6 +434,8 @@ sysctl_kern_binmisc(SYSCTL_HANDLER_ARGS)
return (error);
if (IBE_VERSION != xbe.xbe_version)
return (EINVAL);
+ if ((xbe.xbe_flags & ~IBF_VALID_UFLAGS) != 0)
+ return (EINVAL);
if (interp_list_entry_count == IBE_MAX_ENTRIES)
return (ENOSPC);
error = imgact_binmisc_add_entry(&xbe);
Modified: head/sys/sys/imgact_binmisc.h
==============================================================================
--- head/sys/sys/imgact_binmisc.h Sat Nov 7 03:43:45 2020
(r367441)
+++ head/sys/sys/imgact_binmisc.h Sat Nov 7 04:10:23 2020
(r367442)
@@ -53,6 +53,8 @@
#define IBF_ENABLED 0x0001 /* Entry is active. */
#define IBF_USE_MASK 0x0002 /* Use mask on header magic field. */
+#define IBF_VALID_UFLAGS 0x0003 /* Bits allowed from userland.
*/
+
/*
* Used with sysctlbyname() to pass imgact bin misc entries in and out of the
* kernel.
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
