imgact_binmisc: validate flags coming from userland

We may want to reserve bits in the future for kernel-only use, so start rejecting any that aren't the two that we're currently expecting from userland. MFC after: 1 week
svn path=/head/; revision=367442
2020-11-07 04:10:23 +00:00 · 2020-11-07 04:10:23 +00:00 · 7d3ed9777a · 2020-12-20 02:59:44 +00:00
commit 7d3ed9777a
parent 2c5e865059
2 changed files with 4 additions and 0 deletions
--- a/sys/kern/imgact_binmisc.c
+++ b/sys/kern/imgact_binmisc.c
@ -434,6 +434,8 @@ sysctl_kern_binmisc(SYSCTL_HANDLER_ARGS)
 			return (error);
 		if (IBE_VERSION != xbe.xbe_version)
 			return (EINVAL);
+		if ((xbe.xbe_flags & ~IBF_VALID_UFLAGS) != 0)
+			return (EINVAL);
 		if (interp_list_entry_count == IBE_MAX_ENTRIES)
 			return (ENOSPC);
 		error = imgact_binmisc_add_entry(&xbe);
--- a/sys/sys/imgact_binmisc.h
+++ b/sys/sys/imgact_binmisc.h
@ -53,6 +53,8 @@
 #define	IBF_ENABLED	0x0001	/* Entry is active. */
 #define	IBF_USE_MASK	0x0002	/* Use mask on header magic field. */

+#define	IBF_VALID_UFLAGS	0x0003	/* Bits allowed from userland. */
+
 /*
 * Used with sysctlbyname() to pass imgact bin misc entries in and out of the
 * kernel.