On Tue, Oct 25, 2016 at 09:26:00PM +0200, Tijl Coosemans wrote: > On Tue, 25 Oct 2016 17:13:46 +0000 (UTC) Gleb Smirnoff <gleb...@freebsd.org> > wrote: > > Author: glebius > > Date: Tue Oct 25 17:13:46 2016 > > New Revision: 307936 > > URL: https://svnweb.freebsd.org/changeset/base/307936 > > > > Log: > > The argument validation in r296956 was not enough to close all possible > > overflows in sysarch(2). > > > > Submitted by: Kun Yang <kun.yang chaitin.com> > > Patch by: kib > > Security: SA-16:15 > > > > Modified: > > head/sys/amd64/amd64/sys_machdep.c > > This patch and r296956 need to be applied to i386 too, don't they? I do not think so. The amd64 bug is that I thought that the overflow checks were not needed, which appeared to be not true.
i386_set_ldt(), which is the i386 version of amd64_set_ldt(), already contained the comparisions of largest_ld with pldt->ldt_len etc. Still, independend look at the i386 (and amd64 version as well) is more than welcomed, so please read the code yourself. _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
