Author: glebius Date: Wed Mar 16 22:33:12 2016 New Revision: 296956 URL: https://svnweb.freebsd.org/changeset/base/296956
Log: Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. Submitted by: CORE Security Patch by: kib Security: SA-16:15 Modified: head/sys/amd64/amd64/sys_machdep.c Modified: head/sys/amd64/amd64/sys_machdep.c ============================================================================== --- head/sys/amd64/amd64/sys_machdep.c Wed Mar 16 22:31:04 2016 (r296955) +++ head/sys/amd64/amd64/sys_machdep.c Wed Mar 16 22:33:12 2016 (r296956) @@ -580,8 +580,8 @@ amd64_set_ldt(td, uap, descs) struct i386_ldt_args *uap; struct user_segment_descriptor *descs; { - int error = 0, i; - int largest_ld; + int error = 0; + unsigned int largest_ld, i; struct mdproc *mdp = &td->td_proc->p_md; struct proc_ldt *pldt; struct user_segment_descriptor *dp; _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"