d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't allow user process to set an invalid window state through sigreturn.

Browse Source 
Spotted by:	tmm
This commit is contained in:
Jake Burkholder 2003-01-10 00:04:56 +00:00
parent a9a7a91220
commit 4ee5222bac
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=109036
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sys/sparc64/include/ucontext.h
View File

@ -51,6 +51,7 @@ typedef struct __mcontext mcontext_t;
#define mc_tpc mc_in[1]
#define mc_tstate mc_in[2]
#define mc_y mc_in[4]
#define mc_wstate mc_in[5]
#define _MC_VERSION_SHIFT 0
#define _MC_VERSION_BITS 32

12
sys/sparc64/sparc64/machdep.c
View File

@ -461,7 +461,9 @@ struct sigreturn_args {
int
sigreturn(struct thread *td, struct sigreturn_args *uap)
{
struct trapframe *tf;
struct proc *p;
mcontext_t *mc;
ucontext_t uc;
p = td->td_proc;
@ -476,9 +478,12 @@ sigreturn(struct thread *td, struct sigreturn_args *uap)
return (EFAULT);
}
if (!TSTATE_SECURE(uc.uc_mcontext.mc_tstate))
mc = &uc.uc_mcontext;
tf = td->td_frame;
if (!TSTATE_SECURE(mc->mc_tstate))
return (EINVAL);
bcopy(&uc.uc_mcontext, td->td_frame, sizeof(*td->td_frame));
mc->mc_wstate = tf->tf_wstate;
bcopy(mc, tf, sizeof(*tf));
PROC_LOCK(p);
p->p_sigmask = uc.uc_sigmask;
@ -487,8 +492,7 @@ sigreturn(struct thread *td, struct sigreturn_args *uap)
PROC_UNLOCK(p);
CTR4(KTR_SIG, "sigreturn: return td=%p pc=%#lx sp=%#lx tstate=%#lx",
td, td->td_frame->tf_tpc, td->td_frame->tf_sp,
td->td_frame->tf_tstate);
td, tf->tf_tpc, tf->tf_sp, tf->tf_tstate);
return (EJUSTRETURN);
}