imgact_binmisc: validate flags coming from userland
We may want to reserve bits in the future for kernel-only use, so start rejecting any that aren't the two that we're currently expecting from userland. MFC after: 1 week
This commit is contained in:
parent
2c5e865059
commit
7d3ed9777a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=367442
@ -434,6 +434,8 @@ sysctl_kern_binmisc(SYSCTL_HANDLER_ARGS)
|
||||
return (error);
|
||||
if (IBE_VERSION != xbe.xbe_version)
|
||||
return (EINVAL);
|
||||
if ((xbe.xbe_flags & ~IBF_VALID_UFLAGS) != 0)
|
||||
return (EINVAL);
|
||||
if (interp_list_entry_count == IBE_MAX_ENTRIES)
|
||||
return (ENOSPC);
|
||||
error = imgact_binmisc_add_entry(&xbe);
|
||||
|
@ -53,6 +53,8 @@
|
||||
#define IBF_ENABLED 0x0001 /* Entry is active. */
|
||||
#define IBF_USE_MASK 0x0002 /* Use mask on header magic field. */
|
||||
|
||||
#define IBF_VALID_UFLAGS 0x0003 /* Bits allowed from userland. */
|
||||
|
||||
/*
|
||||
* Used with sysctlbyname() to pass imgact bin misc entries in and out of the
|
||||
* kernel.
|
||||
|
Loading…
Reference in New Issue
Block a user