freebsd-dev/sys/compat/svr4
Tim J. Robbins 78b73f3e05 Fix some security bugs in the SVR4 emulator:
- Return NULL instead of returning memory outside of the stackgap
  in stackgap_alloc() (FreeBSD-SA-00:42.linux)
- Check for stackgap_alloc() returning NULL in svr4_emul_find(),
  and clean_pipe().
- Avoid integer overflow on large nfds argument in svr4_sys_poll()
- Reject negative nbytes argument in svr4_sys_getdents()
- Don't copy out past the end of the struct componentname
  pathname buffer in svr4_sys_resolvepath()
- Reject out-of-range signal numbers in svr4_sys_sigaction(),
  svr4_sys_signal(), and svr4_sys_kill().
- Don't malloc() user-specified lengths in show_ioc() and
  show_strbuf(), place arbitrary limits instead.
- Range-check lengths in si_listen(), ti_getinfo(), ti_bind(),
  svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl().

Some fixes obtain from OpenBSD.
2003-10-20 10:38:48 +00:00
..
imgact_svr4.c
Makefile
svr4_acl.h
svr4_dirent.h
svr4_errno.h
svr4_exec.h
svr4_fcntl.c
svr4_fcntl.h
svr4_filio.c
svr4_filio.h
svr4_fuser.h
svr4_hrt.h
svr4_ioctl.c
svr4_ioctl.h
svr4_ipc.c
svr4_ipc.h
svr4_misc.c
svr4_mman.h
svr4_proto.h
svr4_resource.c
svr4_resource.h
svr4_siginfo.h
svr4_signal.c
svr4_signal.h
svr4_socket.c
svr4_socket.h
svr4_sockio.c
svr4_sockio.h
svr4_sockmod.h
svr4_stat.c
svr4_stat.h
svr4_statvfs.h
svr4_stream.c
svr4_stropts.h
svr4_syscall.h
svr4_syscallnames.c
svr4_sysconfig.h
svr4_sysent.c
svr4_systeminfo.h
svr4_sysvec.c
svr4_termios.c
svr4_termios.h
svr4_time.h
svr4_timod.h
svr4_ttold.c
svr4_ttold.h
svr4_types.h
svr4_ucontext.h
svr4_ulimit.h
svr4_ustat.h
svr4_util.h
svr4_utsname.h
svr4_wait.h
svr4.h
syscalls.conf
syscalls.master