Due to invalid use of a signed intermediate value in the bounds checking
during argument validity verification, unbound zero'ing of the process LDT
and adjacent memory can be initiated from usermode.

Submitted by:	CORE Security
Patch by:	kib
Security:	SA-16:15
glebius 2016-03-16 22:33:12 +00:00
parent 7d1fd13da9
commit ecffce941a


@ -580,8 +580,8 @@ amd64_set_ldt(td, uap, descs)
struct i386_ldt_args *uap;
struct user_segment_descriptor *descs;
{
int error = 0, i;
int largest_ld;
int error = 0;
unsigned int largest_ld, i;
struct mdproc *mdp = &td->td_proc->p_md;
struct proc_ldt *pldt;
struct user_segment_descriptor *dp;
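
Review bot: the new declaration `unsigned int largest_ld, i;` carries no comment saying why these two variables must be unsigned, so a later cleanup could turn them back into `int` and reintroduce the signed intermediate value the commit message describes; a one-line comment above the declaration would prevent that. The body of amd64_set_ldt() is not visible in this hunk, so it is also worth confirming that nothing further down relies on `i` or `largest_ld` going negative (a countdown loop that ends on `i >= 0`, or a comparison against a signed field of `uap`), since such a test would now be always true or be evaluated after implicit conversion to unsigned.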