freebsd-skq/sys/kern
Konstantin Belousov 267c52fc98 Fix several issues with parsing the notes for ELF objects.
Badly formed ELF note may cause the calculated pointer to the next note
to point both after the note region, that was checked in the code, but
also to point before the region, that was not checked [1]. Remember the
first note location in note0 and leap out if the note is not between
note0 and note_end.

In a similar way, badly formed note may cause infinite loop by
pointing next note into the same or previous note. Guard against this by
limiting the amount of loop iterations by an arbitrarily chosen big number.

For clarity, check the calculated note alignment in each iteration.

Reported by:	Chris Palmer <chris noncombatant org> [1]
PR:	kern/132886
Reviewed and tested by:	dchagin
MFC after:	3 days
2009-03-22 13:42:41 +00:00
bus_if.m Allow device hints to wire the unit numbers of devices. 2008-11-18 21:01:54 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh refactor code so it can run in a chroot without having to have /dev/mounted 2008-01-18 17:02:14 +00:00
imgact_aout.c Add sv_flags field to struct sysentvec with intention to provide description 2008-11-22 12:36:15 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Fix several issues with parsing the notes for ELF objects. 2009-03-22 13:42:41 +00:00
imgact_gzip.c VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in 2008-01-13 14:44:15 +00:00
imgact_shell.c Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread 2008-08-28 15:23:18 +00:00
inflate.c
init_main.c Rename three MAC entry points from _proc_ to _cred_ to reflect the fact 2008-10-28 11:33:06 +00:00
init_sysent.c Regenerate system call tables for r184789. 2008-11-09 10:48:06 +00:00
kern_acct.c Properly lock proctree_lock before locking the process while accounting. 2008-08-21 15:02:17 +00:00
kern_alq.c Use msleep_spin() instead of unlock/tsleep/lock. This was 2008-07-02 20:44:33 +00:00
kern_clock.c - Implement generic macros for producing KTR records that are compatible 2009-01-17 07:17:57 +00:00
kern_condvar.c Remove unused variables p' and unneeded assignments of rval'. 2009-02-26 13:00:13 +00:00
kern_conf.c Extract the no_poll() and vop_nopoll() code into the common routine 2009-03-06 15:35:37 +00:00
kern_cons.c Remove unneeded variable `ocn_mute'. 2009-02-26 13:01:45 +00:00
kern_context.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_cpu.c If possible, try to obtain max_mhz on cpufreq attach instead of first request. 2008-12-16 01:24:05 +00:00
kern_cpuset.c MFp4: 2008-11-29 14:32:14 +00:00
kern_ctf.c Add the CTF source file which gets shared with link_elf.c and link_elf_obj.c. 2008-05-23 03:04:27 +00:00
kern_descrip.c Remove the printf's when the vnode to be exported for procstat is not a VDIR. 2009-02-14 21:55:09 +00:00
kern_dtrace.c Remove code that isn't required. It actually breaks the case where KDTRACE_HOOKS 2008-06-16 04:44:29 +00:00
kern_environment.c Implement the following macros for completeness: 2008-07-21 15:05:25 +00:00
kern_event.c Fix a number of style issues in the MALLOC / FREE commit. I've tried to 2008-10-23 20:26:15 +00:00
kern_exec.c Supply AT_EXECPATH auxinfo entry to the interpreter, both for native and 2009-03-17 12:53:28 +00:00
kern_exit.c Remove even more unneeded variable assignments. 2009-02-26 15:51:54 +00:00
kern_fork.c Several threads in a process may do vfork() simultaneously. Then, all 2008-12-05 20:50:24 +00:00
kern_idle.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_intr.c style(9) 2008-09-23 14:25:56 +00:00
kern_jail.c Don't allow creating a socket with a protocol family that the current 2009-02-05 14:15:18 +00:00
kern_kthread.c Kill a dead variable 2008-08-03 21:07:19 +00:00
kern_ktr.c
kern_ktrace.c Add a new type of KTRACE record for sysctl(3) invocations. It uses the 2009-03-11 21:48:36 +00:00
kern_linker.c Scanning all the formats for binary translation of modules loading can 2009-02-10 15:50:19 +00:00
kern_lock.c - Wrap lock profiling state variables in #ifdef LOCK_PROFILING blocks. 2009-03-15 08:03:54 +00:00
kern_lockf.c Remove unused variable. 2008-11-27 04:40:37 +00:00
kern_malloc.c Remove even more unneeded variable assignments. 2009-02-26 15:51:54 +00:00
kern_mbuf.c Temporary workaround for the limitations of the mbuf flowid field: zero 2009-01-01 20:03:01 +00:00
kern_mib.c Mark most often used sysctl's as MPSAFE. 2009-01-28 19:58:05 +00:00
kern_module.c When the SYSINIT() to load a module invokes the MOD_LOAD event successfully, 2008-12-05 16:47:30 +00:00
kern_mtxpool.c Fix a number of style issues in the MALLOC / FREE commit. I've tried to 2008-10-23 20:26:15 +00:00
kern_mutex.c - Wrap lock profiling state variables in #ifdef LOCK_PROFILING blocks. 2009-03-15 08:03:54 +00:00
kern_ntptime.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
kern_osd.c Add support for methods to the OSD subsystem. Each object type has a 2009-02-21 11:15:38 +00:00
kern_physio.c
kern_pmc.c Support sparsely numbered CPUs. 2008-09-22 10:37:02 +00:00
kern_poll.c Remove IFF_NEEDSGIANT, a compatibility infrastructure introduced 2009-03-15 14:21:05 +00:00
kern_priv.c Reduce the verbosity of SDT trace points for DTrace by defining several 2009-03-03 17:15:05 +00:00
kern_proc.c - Add a function (fill_kinfo_aggregate()) which aggregates relevant 2009-02-18 21:52:13 +00:00
kern_prot.c Improve the consistency of MAC Framework and MAC policy entry point 2009-03-08 10:58:37 +00:00
kern_resource.c Don't rearm callout if the process is exiting, it may leak a callout 2008-10-24 01:09:24 +00:00
kern_rmlock.c Teach WITNESS about the interlocks used with lockmgr. This removes a bunch 2008-09-10 19:13:30 +00:00
kern_rwlock.c - Wrap lock profiling state variables in #ifdef LOCK_PROFILING blocks. 2009-03-15 08:03:54 +00:00
kern_sdt.c Add kernel support for the Statically Defined Trace provider. 2008-05-18 19:32:36 +00:00
kern_sema.c
kern_shutdown.c It's possible that the dump device has gone away after it was 2008-11-23 21:05:22 +00:00
kern_sig.c Remove even more unneeded variable assignments. 2009-02-26 15:51:54 +00:00
kern_subr.c Make ureadc() warn when holding any locks, just like uiomove(). 2008-08-28 19:34:58 +00:00
kern_switch.c fix typo in runz_fuzz 2008-05-12 06:42:06 +00:00
kern_sx.c - Wrap lock profiling state variables in #ifdef LOCK_PROFILING blocks. 2009-03-15 08:03:54 +00:00
kern_synch.c Remove even more unneeded variable assignments. 2009-02-26 15:51:54 +00:00
kern_syscalls.c Various style fixes. 7 space indent is just odd. 2008-09-18 20:10:11 +00:00
kern_sysctl.c Add a new type of KTRACE record for sysctl(3) invocations. It uses the 2009-03-11 21:48:36 +00:00
kern_tc.c By default, don't compile in counters of calls to various time 2009-03-08 22:19:28 +00:00
kern_thr.c Remove even more unneeded variable assignments. 2009-02-26 15:51:54 +00:00
kern_thread.c - Implement a new mechanism for resetting lock profiling. We now 2009-03-15 06:41:47 +00:00
kern_time.c Remove even more unneeded variable assignments. 2009-02-26 15:51:54 +00:00
kern_timeout.c Add explicit static DTrace tracing to the callout mechanism, capturing 2009-01-24 10:22:49 +00:00
kern_umtx.c 1) Check NULL pointer before calling umtx_pi_adjust_locked(), this avoids 2009-03-13 06:06:20 +00:00
kern_uuid.c For all files including net/vnet.h directly include opt_route.h and 2009-02-27 14:12:05 +00:00
kern_vimage.c Conditionally compile out V_ globals while instantiating the appropriate 2008-12-10 23:12:39 +00:00
kern_xxx.c Fix compilation. Also move ogetkerninfo() to kern_xxx.c. 2008-12-29 19:24:00 +00:00
ksched.c Commit 14/14 of sched_lock decomposition. 2007-06-05 00:00:57 +00:00
link_elf_obj.c Scanning all the formats for binary translation of modules loading can 2009-02-10 15:50:19 +00:00
link_elf.c Scanning all the formats for binary translation of modules loading can 2009-02-10 15:50:19 +00:00
linker_if.m Add the ctf_get method. 2008-05-23 04:06:49 +00:00
Make.tags.inc Catch up with the disappearance of sys/dev/hfa. 2008-12-01 14:34:42 +00:00
Makefile style.Makefile(5) 2007-12-14 21:30:51 +00:00
makesyscalls.sh Tidy up a few things with syscall generation: 2008-09-25 20:07:42 +00:00
md4c.c
md5c.c
p1003_1b.c Remove kernel support for M:N threading. 2008-03-12 10:12:01 +00:00
posix4_mib.c
sched_4bsd.c - Use __XSTRING where I want the define to be expanded. This resulted in 2009-01-25 07:35:10 +00:00
sched_ule.c - Fix an error that occurs when mp_ncpu is an odd number. steal_thresh 2009-03-14 11:41:36 +00:00
serdev_if.m
stack_protector.c Fix a chicken-and-egg problem: this files implements SSP support, 2008-06-26 07:52:45 +00:00
subr_acl_posix1e.c Rename a variable missed in previous accmode_t-related commits. 2008-10-28 21:58:48 +00:00
subr_autoconf.c Prefer ANSI function definitions to K&R ones. 2009-02-03 07:52:07 +00:00
subr_blist.c Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23 15:53:51 +00:00
subr_bufring.c - bump __FreeBSD version to reflect added buf_ring, memory barriers, 2008-11-22 05:55:56 +00:00
subr_bus.c Minor nits notice by jhb@ 2009-03-11 08:19:31 +00:00
subr_clist.c Remove a stale comment from the clists code. 2009-02-09 11:27:56 +00:00
subr_clock.c Now that all platforms use genclock, shuffle things around slightly 2008-04-22 19:38:30 +00:00
subr_devstat.c Use NULL in preference to 0 in pointer contexts. 2009-02-03 07:54:42 +00:00
subr_disk.c Clarify and reimplement the bioq API so that bioq_disksort() has 2009-02-13 11:36:32 +00:00
subr_eventhandler.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_fattime.c
subr_firmware.c Use NULL in preference to 0 for pointers. 2009-02-03 07:51:11 +00:00
subr_hints.c
subr_kdb.c Expand kdb_alt_break a little, most commonly used with the option 2008-05-04 23:29:38 +00:00
subr_kobj.c Use NULL in preference to 0 in pointer contexts. 2009-02-03 07:54:42 +00:00
subr_lock.c - Implement a new mechanism for resetting lock profiling. We now 2009-03-15 06:41:47 +00:00
subr_log.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
subr_mbpool.c Add parens around *free in *free++ in mbp_count() so that mbp_count() 2007-05-27 17:38:36 +00:00
subr_mchain.c Replaced the misleading uses of a historical artefact M_TRYWAIT with M_WAIT. 2008-03-25 09:39:02 +00:00
subr_module.c
subr_msgbuf.c
subr_param.c Change the sysctls for maxbcache and maxswzone from int to long. I missed 2009-03-12 17:23:02 +00:00
subr_pcpu.c - Implement generic macros for producing KTR records that are compatible 2009-01-17 07:17:57 +00:00
subr_power.c
subr_prf.c Remove redundant code in printf() and vprintf(). 2009-02-27 13:28:54 +00:00
subr_prof.c Use ANSI function definition for profil. 2009-02-03 07:52:36 +00:00
subr_rman.c rman_debug should be static, so make it static. 2009-02-03 07:53:08 +00:00
subr_rtc.c int foo(void) is the proper ANSI function definition when there's no 2009-02-03 07:50:01 +00:00
subr_sbuf.c Switch to simplified BSD license (with phk's approval), plus whitespace 2008-08-09 10:26:21 +00:00
subr_scanf.c
subr_sleepqueue.c Revision 184199 had not been fully reverted, add missing piece. 2008-12-01 01:54:55 +00:00
subr_smp.c Initial suspend/resume support for amd64. 2009-03-17 00:48:11 +00:00
subr_stack.c Make it possible to compile kernel with KTR but without DDB. 2008-10-30 21:48:28 +00:00
subr_taskqueue.c Remove semicolon left in the last commit 2009-02-13 18:51:39 +00:00
subr_trap.c - Bug fix: prevent a thread from migrating between CPUs between the 2008-12-13 13:07:12 +00:00
subr_turnstile.c Make ddb command registration dynamic so modules can extend 2008-09-15 22:45:14 +00:00
subr_unit.c Since cdev mutex is after system map mutex in global lock order, free() 2007-07-04 06:56:58 +00:00
subr_witness.c Decompose the global UNIX domain sockets rwlock into two different 2009-03-08 21:48:29 +00:00
sys_generic.c When writing out updated pollfd records when returning from 2009-03-11 22:00:03 +00:00
sys_pipe.c - Make maxpipekva a signed long rather than an unsigned long as overflow 2009-03-10 21:28:43 +00:00
sys_process.c Use the p_sysent->sv_flags flag SV_ILP32 to detect 32bit process 2009-03-02 18:43:50 +00:00
sys_socket.c Lock receive socket buffer in soo_stat() rather than commenting that we 2008-10-07 07:10:28 +00:00
syscalls.c Regenerate system call tables for r184789. 2008-11-09 10:48:06 +00:00
syscalls.master Mark uname(), getdomainname() and setdomainname() with COMPAT_FREEBSD4. 2008-11-09 10:45:13 +00:00
systrace_args.c Regenerate system call tables for r184789. 2008-11-09 10:48:06 +00:00
sysv_ipc.c Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in 2007-06-12 00:12:01 +00:00
sysv_msg.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
sysv_sem.c Lock the semaphore identifier lock during semaphore initialization to 2009-01-15 12:15:46 +00:00
sysv_shm.c Systematically use vm_size_t to specify the size of the segment for VM KPI. 2009-03-05 11:45:42 +00:00
tty_compat.c Fix an awful bug inside our COMPAT_43TTY code. 2008-09-04 16:30:53 +00:00
tty_info.c Replace bcopy() calls inside the TTY layer with memcpy()/strlcpy(). 2009-02-28 14:20:26 +00:00
tty_inq.c Use unsigned longs for the TTY's sysctl stats. 2009-02-26 10:28:32 +00:00
tty_outq.c Use unsigned longs for the TTY's sysctl stats. 2009-02-26 10:28:32 +00:00
tty_pts.c Improve my previous changes to the TTY code: also remove memcpy(). 2009-03-01 09:50:13 +00:00
tty_pty.c Don't use PTY name as format string, even though it isn't insecure here. 2009-02-26 10:14:10 +00:00
tty_tty.c Remove unneeded Giant locking of /dev/tty. 2008-06-03 12:38:00 +00:00
tty_ttydisc.c Use unsigned longs for the TTY's sysctl stats. 2009-02-26 10:28:32 +00:00
tty.c Improve my previous changes to the TTY code: also remove memcpy(). 2009-03-01 09:50:13 +00:00
uipc_accf.c Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23 15:53:51 +00:00
uipc_cow.c Extend the struct vm_page wire_count to u_int to avoid the overflow 2009-01-03 13:24:08 +00:00
uipc_debug.c Remove extra 'comma = 0' in socket state printing code, which otherwise 2009-02-09 18:19:58 +00:00
uipc_domain.c Remove Giant locking from domains list. 2009-01-04 19:22:53 +00:00
uipc_mbuf2.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
uipc_mbuf.c Teach m_copyback() to use trailing space of the last mbuf in chain. 2009-01-18 20:19:55 +00:00
uipc_mqueue.c Fix matching of message queues by name. 2008-11-28 14:53:18 +00:00
uipc_sem.c Ensure that the semaphore value is re-checked after sem_lock 2009-03-12 10:36:39 +00:00
uipc_shm.c Shared memory objects that have size which is not necessarily equal to 2008-12-01 22:33:50 +00:00
uipc_sockbuf.c Rewrite sbreserve_locked()'s comment on NULL thread pointers, eliminating 2008-10-07 09:51:39 +00:00
uipc_socket.c Don't allow creating a socket with a protocol family that the current 2009-02-05 14:15:18 +00:00
uipc_syscalls.c Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23 15:53:51 +00:00
uipc_usrreq.c Decompose the global UNIX domain sockets rwlock into two different 2009-03-08 21:48:29 +00:00
vfs_acl.c Add the support for the AT_FDCWD and fd-relative name lookups to the 2008-03-31 12:01:21 +00:00
vfs_aio.c Use the correct type for the timeout parameter to the 32-bit 2009-01-23 13:23:17 +00:00
vfs_bio.c Fix an old-standing bug that crept in along the several revisions: 2009-03-17 16:30:49 +00:00
vfs_cache.c Do not underflow the buffer and then report the problem. Check for the 2009-03-20 11:08:57 +00:00
vfs_cluster.c - Complete part of the unfinished bufobj work by consistently using 2008-03-22 09:15:16 +00:00
vfs_default.c Add a default implementation for VOP_VPTOCNP(9) which scans the parent 2009-03-08 19:05:53 +00:00
vfs_export.c drop rnh lock before destroying it 2008-12-28 14:32:27 +00:00
vfs_extattr.c Remove 'uio' argument from MAC Framework and MAC policy entry points for 2009-03-08 12:32:06 +00:00
vfs_hash.c In keeping with style(9)'s recommendations on macros, use a ';' 2008-03-16 10:58:09 +00:00
vfs_init.c Expand the scope of the sysctllock sx lock to protect the sysctl tree itself. 2009-02-06 14:51:32 +00:00
vfs_lookup.c Gah, fix the code to match the comment. For non-open lookups use a 2009-03-11 14:39:55 +00:00
vfs_mount.c Extend the "vfsopt" mount options for more general use. Make struct 2009-03-02 23:26:30 +00:00
vfs_subr.c Change vfs_busy to wait until an outcome of pending unmount 2009-03-02 20:51:39 +00:00
vfs_syscalls.c Don't make Linux stat() open character devices to resolve its name. 2009-02-20 13:05:29 +00:00
vfs_vnops.c Add a new internal mount flag (MNTK_EXTENDED_SHARED) to indicate that a 2009-03-11 14:13:47 +00:00
vnode_if.src Add a new internal mount flag (MNTK_EXTENDED_SHARED) to indicate that a 2009-03-11 14:13:47 +00:00