authorPhilip Guenthe <guenther@cvs.openbsd.org>2010-06-29 16:39:24 +0000
committerPhilip Guenthe <guenther@cvs.openbsd.org>2010-06-29 16:39:24 +0000
commit7e2ce9013f05c75e01cb40373c07987f0ef38c18 (patch)
tree8e34ccfaba6ca7f0da217e7b885f3d9863b3b73c
parent1ed6e9cfcea3a61394a15bffa818853ef153e52b (diff)
Fail instead of lying if a process asks sysctl()'s KERN_PROC2 or
KERN_FILE2 (or their libkvm wrappers) for more information than the running implementation knows how to provide. ok millert@ deraadt@
-rw-r--r--lib/libkvm/kvm_file2.c7
-rw-r--r--lib/libkvm/kvm_proc2.c8
-rw-r--r--sys/kern/kern_sysctl.c7
3 files changed, 17 insertions, 5 deletions
diff --git a/lib/libkvm/kvm_file2.c b/lib/libkvm/kvm_file2.c
index 0df59df095a..2af3d7702fa 100644
--- a/lib/libkvm/kvm_file2.c
+++ b/lib/libkvm/kvm_file2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kvm_file2.c,v 1.14 2010/01/10 03:37:50 guenther Exp $ */
+/* $OpenBSD: kvm_file2.c,v 1.15 2010/06/29 16:39:23 guenther Exp $ */
/*
* Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -172,6 +172,11 @@ kvm_getfile2(kvm_t *kd, int op, int arg, size_t esize, int *cnt)
*cnt = size / esize;
return ((struct kinfo_file2 *)kd->filebase);
} else {
+ if (esize > sizeof(struct kinfo_file2)) {
+ _kvm_syserr(kd, kd->program,
+ "kvm_getfile2: unknown fields requested: libkvm out of date?");
+ return (NULL);
+ }
deadway:
switch (op) {
case KERN_FILE_BYFILE:
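Review bot: The new `esize` check sits above the `deadway:` label, so any `goto deadway` elsewhere in kvm_getfile2 lands past it and an oversized `esize` would still reach the `switch (op)` path unchecked. The jump sites are outside this hunk, so this is inferred from the label alone. If the live-kernel branch falls back through `goto deadway` when sysctl() fails, the kernel's new EINVAL for an oversized element would trigger exactly that fallback. Placing `deadway:` directly before `if (esize > sizeof(struct kinfo_file2)) {`, or hoisting the check to the top of the function as the kvm_getproc2 hunk does, closes the gap.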
diff --git a/lib/libkvm/kvm_proc2.c b/lib/libkvm/kvm_proc2.c
index 7e3fb8b863b..00e7f774dec 100644
--- a/lib/libkvm/kvm_proc2.c
+++ b/lib/libkvm/kvm_proc2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kvm_proc2.c,v 1.1 2010/01/10 03:37:50 guenther Exp $ */
+/* $OpenBSD: kvm_proc2.c,v 1.2 2010/06/29 16:39:23 guenther Exp $ */
/* $NetBSD: kvm_proc.c,v 1.30 1999/03/24 05:50:50 mrg Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -330,6 +330,12 @@ kvm_getproc2(kvm_t *kd, int op, int arg, size_t esize, int *cnt)
struct proc *p;
char *bp;
+ if (esize > sizeof(struct kinfo_proc2)) {
+ _kvm_syserr(kd, kd->program,
+ "kvm_getproc2: unknown fields requested: libkvm out of date?");
+ return (NULL);
+ }
+
memset(nl, 0, sizeof(nl));
nl[0].n_name = "_nprocs";
nl[1].n_name = "_allproc";
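Review bot: `_kvm_syserr()` is called here for a condition that is not a failed system call, so the message will presumably be followed by whatever strerror(errno) happens to hold at that moment, which can mislead whoever reads the error. `_kvm_err(kd, kd->program, "kvm_getproc2: unknown fields requested: libkvm out of date?");` reports the same text without a stale errno suffix. The identical call added in the kvm_getfile2 hunk would take the same change. The body of kvm_getproc2 continues outside this hunk.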
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 125e8334668..401280e5101 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.185 2010/06/29 00:28:14 tedu Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.186 2010/06/29 16:39:22 guenther Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
/*-
@@ -1198,7 +1198,7 @@ sysctl_file2(int *name, u_int namelen, char *where, size_t *sizep,
if (namelen > 4)
return (ENOTDIR);
- if (namelen < 4)
+ if (namelen < 4 || name[2] > sizeof(*kf))
return (EINVAL);
buflen = where != NULL ? *sizep : 0;
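Review bot: `name[2] > sizeof(*kf)` compares an `int` taken from the caller's MIB against a `size_t`, so a negative element size is rejected only through the implicit conversion to unsigned, not through a stated check. Writing it as `if (namelen < 4 || name[2] < 0 || (size_t)name[2] > sizeof(*kf))` keeps the behaviour and matches how sysctl_doproc tests `name[3] < 0` before its own size comparison. The `name[3] > sizeof(*kproc2)` clause in that hunk would read better with the same cast. The declaration of `kf` is outside this hunk.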
@@ -1352,7 +1352,8 @@ sysctl_doproc(int *name, u_int namelen, char *where, size_t *sizep)
elem_size = elem_count = 0;
eproc = malloc(sizeof(struct eproc), M_TEMP, M_WAITOK);
} else /* if (type == KERN_PROC2) */ {
- if (namelen != 5 || name[3] < 0 || name[4] < 0)
+ if (namelen != 5 || name[3] < 0 || name[4] < 0 ||
+ name[3] > sizeof(*kproc2))
return (EINVAL);
op = name[1];
arg = name[2];
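Review bot: The added `name[3] > sizeof(*kproc2)` clause has no comment saying why an oversized element size is refused instead of being answered with less than was asked for; that reasoning lives only in the commit message. A line above the test such as `/* caller wants fields this kernel does not know: fail rather than return a partial record */` would keep the intent next to the code. sysctl_doproc starts and ends outside this hunk.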