authorPhilip Guenther <guenther@cvs.openbsd.org>2016-07-14 05:55:09 +0000
committerPhilip Guenther <guenther@cvs.openbsd.org>2016-07-14 05:55:09 +0000
commit28d4992f851dc49b5d98e6bfd77e7517f03b3507 (patch)
tree803f057174952615bb57d2a6601460af251cd921
parent459430503e1b38161d2b432e58704502d68bdef5 (diff)
Prevent silly states via knotes on pids > 2^32 and on nonexistent signals.
ok tedu@
-rw-r--r--regress/sys/kern/kqueue/kqueue-process.c11
-rw-r--r--regress/sys/kern/kqueue/kqueue-signal.c8
-rw-r--r--sys/kern/kern_event.c5
-rw-r--r--sys/kern/kern_sig.c5
4 files changed, 25 insertions, 4 deletions
diff --git a/regress/sys/kern/kqueue/kqueue-process.c b/regress/sys/kern/kqueue/kqueue-process.c
index d62b2699d18..a579445cdd5 100644
--- a/regress/sys/kern/kqueue/kqueue-process.c
+++ b/regress/sys/kern/kqueue/kqueue-process.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kqueue-process.c,v 1.9 2016/03/17 19:40:43 krw Exp $ */
+/* $OpenBSD: kqueue-process.c,v 1.10 2016/07/14 05:55:08 guenther Exp $ */
/*
* Written by Artur Grabowski <art@openbsd.org> 2002 Public Domain
*/
@@ -10,6 +10,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <err.h>
+#include <errno.h>
#include <unistd.h>
#include <signal.h>
@@ -65,6 +66,14 @@ do_process(void)
ASS(kevent(kq, &ke, 1, NULL, 0, NULL) == 0,
warn("can't register events on kqueue"));
+ /* negative case */
+ EV_SET(&ke, pid + (1ULL << 32), EVFILT_PROC, EV_ADD|EV_ENABLE|EV_CLEAR,
+ NOTE_EXIT|NOTE_FORK|NOTE_EXEC|NOTE_TRACK, 0, NULL);
+ ASS(kevent(kq, &ke, 1, NULL, 0, NULL) != 0,
+ warnx("can register bogus pid on kqueue"));
+ ASS(errno == ESRCH,
+ warn("register bogus pid on kqueue returned wrong error"));
+
kill(pid, SIGUSR1); /* sync 1 */
didfork = didchild = 0;
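Review bot: The negative case built with `EV_SET(&ke, pid + (1ULL << 32), ...)` is only negative where the kevent `ident` field is wider than `pid_t`. Where `ident` is 32 bits, the value would presumably be narrowed back to `pid` when stored, so the registration would succeed and the first `ASS` would fail for a reason unrelated to the kernel check. Wrapping the block in `if (sizeof(ke.ident) > sizeof(pid_t)) { ... }`, or at least adding a comment such as `/* only out of pid_t range when ident is 64 bits */`, would make that dependency explicit. The `errno == ESRCH` assertion is also only meaningful if the preceding `ASS` stops the test on failure, which depends on the macro defined outside this hunk. `do_process` starts and ends outside the hunk.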
diff --git a/regress/sys/kern/kqueue/kqueue-signal.c b/regress/sys/kern/kqueue/kqueue-signal.c
index 0ad7b701303..97980968373 100644
--- a/regress/sys/kern/kqueue/kqueue-signal.c
+++ b/regress/sys/kern/kqueue/kqueue-signal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kqueue-signal.c,v 1.1 2011/07/07 02:00:51 guenther Exp $ */
+/* $OpenBSD: kqueue-signal.c,v 1.2 2016/07/14 05:55:08 guenther Exp $ */
/*
* Written by Philip Guenther <guenther@openbsd.org> 2011 Public Domain
*/
@@ -71,6 +71,12 @@ do_signal(void)
ASS(kevent(kq, &ke, 1, NULL, 0, NULL) == 0,
warn("can't register events on kqueue"));
+ EV_SET(&ke, 10000, EVFILT_SIGNAL, EV_ADD|EV_ENABLE, 0, 0, NULL);
+ ASS(kevent(kq, &ke, 1, NULL, 0, NULL) != 0,
+ warnx("registered bogus signal on kqueue"));
+ ASS(errno == EINVAL,
+ warn("registering bogus signal on kqueue returned wrong error"));
+
ASSX(saw_usr1 == 0);
kill(pid, SIGUSR1);
ASSX(saw_usr1 == 1);
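Review bot: The added check in `do_signal` probes only the far-out ident `10000`, so it would still pass if the kernel's bound were off by one. A second attempt with `NSIG` itself, the first value the new `filt_sigattach` check rejects, would pin the boundary: `EV_SET(&ke, NSIG, EVFILT_SIGNAL, EV_ADD|EV_ENABLE, 0, 0, NULL);` followed by the same two `ASS` lines. `do_signal` starts and ends outside the hunk.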
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 3010c198b37..b5ba9202f25 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_event.c,v 1.73 2016/07/14 02:35:17 tedu Exp $ */
+/* $OpenBSD: kern_event.c,v 1.74 2016/07/14 05:55:08 guenther Exp $ */
/*-
* Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
@@ -216,6 +216,9 @@ filt_procattach(struct knote *kn)
(curproc->p_p->ps_pledge & PLEDGE_PROC) == 0)
return pledge_fail(curproc, EPERM, PLEDGE_PROC);
+ if (kn->kn_id > PID_MAX)
+ return ESRCH;
+
pr = prfind(kn->kn_id);
if (pr == NULL)
return (ESRCH);
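Review bot: The new `kn->kn_id > PID_MAX` test in `filt_procattach` has no comment explaining why a range check is needed ahead of a lookup that already returns ESRCH for unknown pids. Judging by the commit message and the regress case, the reason appears to be that `kn_id` is wider than the `pid_t` argument of `prfind()`, so an out-of-range ident would otherwise be narrowed and could match an unrelated live process. A line such as `/* kn_id is wider than pid_t: reject idents prfind() would truncate */` would keep a later cleanup from removing the check as redundant. The comparison also relies on `kn_id` being unsigned, and its declaration is outside this hunk, as is the rest of the function body.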
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 0d9eb786495..374e58d9bc4 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sig.c,v 1.201 2016/07/06 15:53:01 tedu Exp $ */
+/* $OpenBSD: kern_sig.c,v 1.202 2016/07/14 05:55:08 guenther Exp $ */
/* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
/*
@@ -1824,6 +1824,9 @@ filt_sigattach(struct knote *kn)
{
struct process *pr = curproc->p_p;
+ if (kn->kn_id >= NSIG)
+ return EINVAL;
+
kn->kn_ptr.p_process = pr;
kn->kn_flags |= EV_CLEAR; /* automatically set */
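Review bot: The new guard `if (kn->kn_id >= NSIG)` in `filt_sigattach` still accepts an ident of 0, which is not a signal number either. If the intent is to reject every nonexistent signal, as the commit message says, the condition could read `if (kn->kn_id == 0 || kn->kn_id >= NSIG)`. If 0 is deliberately tolerated (such a knote would presumably never fire), a short comment saying so would help. The rest of the function is outside the hunk, so how `kn_id` is used afterwards cannot be checked from here.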