freebsd-skq/sys/i386/ibcs2
Tim J. Robbins a95edcba94 Fix a multitude of security bugs in the iBCS2 emulator:
- Return NULL instead of returning memory outside of the stackgap
  in stackgap_alloc() (FreeBSD-SA-00:42.linux)
- Check for stackgap_alloc() returning NULL in ibcs2_emul_find();
  other calls to stackgap_alloc() have not been changed since they
  are small fixed-size allocations.
- Replace use of strcpy() with strlcpy() in exec_coff_imgact()
  to avoid buffer overflow
- Use strlcat() instead of strcat() to avoid a one byte buffer
  overflow in ibcs2_setipdomainname()
- Use copyinstr() instead of copyin() in ibcs2_setipdomainname()
  to ensure that the string is null-terminated
- Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups()
  by checking that gidsetsize argument is non-negative and
  no larger than NGROUPS_MAX.
- Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(),
  ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past
  the end (or before the start)
2003-10-12 04:25:26 +00:00
..
coff.h
ibcs2_dirent.h
ibcs2_errno.c
ibcs2_errno.h
ibcs2_fcntl.c
ibcs2_fcntl.h
ibcs2_ioctl.c
ibcs2_ioctl.h
ibcs2_ipc.c
ibcs2_ipc.h
ibcs2_isc_syscall.h
ibcs2_isc_sysent.c
ibcs2_isc.c
ibcs2_misc.c
ibcs2_mount.h
ibcs2_msg.c
ibcs2_other.c
ibcs2_poll.h
ibcs2_proto.h
ibcs2_signal.c
ibcs2_signal.h
ibcs2_socksys.c
ibcs2_socksys.h
ibcs2_stat.c
ibcs2_stat.h
ibcs2_statfs.h
ibcs2_stropts.h
ibcs2_syscall.h
ibcs2_sysent.c
ibcs2_sysi86.c
ibcs2_sysvec.c
ibcs2_termios.h
ibcs2_time.h
ibcs2_types.h
ibcs2_unistd.h
ibcs2_ustat.h
ibcs2_util.c
ibcs2_util.h
ibcs2_utime.h
ibcs2_utsname.h
ibcs2_xenix_syscall.h
ibcs2_xenix_sysent.c
ibcs2_xenix.c
ibcs2_xenix.h
imgact_coff.c
Makefile
syscalls.conf
syscalls.isc
syscalls.isc.conf
syscalls.master
syscalls.xenix
syscalls.xenix.conf