diff options
| author | Miod Vallat <miod@cvs.openbsd.org> | 2023-12-13 15:57:23 +0000 |
|---|---|---|
| committer | Miod Vallat <miod@cvs.openbsd.org> | 2023-12-13 15:57:23 +0000 |
| commit | 3ce91d347df05f82e01cbc0fb507b4d6115d25d2 (patch) | |
| tree | a3805e4b25614ba51c492f7f9984a11ba5fdfc82 | |
| parent | e1a7ce4264d639195d857541152c9ad6b70e0a86 (diff) | |
Fix syscall number bounds check computations.
| -rw-r--r-- | sys/arch/alpha/alpha/trap.c | 4 | ||||
| -rw-r--r-- | sys/arch/arm/arm/syscall.c | 4 | ||||
| -rw-r--r-- | sys/arch/arm64/arm64/syscall.c | 4 | ||||
| -rw-r--r-- | sys/arch/hppa/hppa/trap.c | 4 | ||||
| -rw-r--r-- | sys/arch/i386/i386/trap.c | 4 | ||||
| -rw-r--r-- | sys/arch/m88k/m88k/trap.c | 6 | ||||
| -rw-r--r-- | sys/arch/mips64/mips64/trap.c | 4 | ||||
| -rw-r--r-- | sys/arch/powerpc/powerpc/trap.c | 4 | ||||
| -rw-r--r-- | sys/arch/powerpc64/powerpc64/syscall.c | 4 | ||||
| -rw-r--r-- | sys/arch/riscv64/riscv64/syscall.c | 4 | ||||
| -rw-r--r-- | sys/arch/sh/sh/trap.c | 4 | ||||
| -rw-r--r-- | sys/arch/sparc64/sparc64/trap.c | 4 |
12 files changed, 25 insertions, 25 deletions
diff --git a/sys/arch/alpha/alpha/trap.c b/sys/arch/alpha/alpha/trap.c index fc697aadf41..c5d57de02ab 100644 --- a/sys/arch/alpha/alpha/trap.c +++ b/sys/arch/alpha/alpha/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.109 2023/12/12 15:30:55 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.110 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: trap.c,v 1.52 2000/05/24 16:48:33 thorpej Exp $ */ /*- @@ -514,7 +514,7 @@ syscall(u_int64_t code, struct trapframe *framep) opc = framep->tf_regs[FRAME_PC] - 4; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; nargs = callp->sy_narg; diff --git a/sys/arch/arm/arm/syscall.c b/sys/arch/arm/arm/syscall.c index 3879834e2ea..0252626eeac 100644 --- a/sys/arch/arm/arm/syscall.c +++ b/sys/arch/arm/arm/syscall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall.c,v 1.27 2023/12/12 15:30:55 deraadt Exp $ */ +/* $OpenBSD: syscall.c,v 1.28 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: syscall.c,v 1.24 2003/11/14 19:03:17 scw Exp $ */ /*- @@ -114,7 +114,7 @@ swi_handler(trapframe_t *frame) code = frame->tf_r12; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; nargs = callp->sy_argsize / sizeof(register_t); diff --git a/sys/arch/arm64/arm64/syscall.c b/sys/arch/arm64/arm64/syscall.c index 7a9c1b683ee..675423d1cc2 100644 --- a/sys/arch/arm64/arm64/syscall.c +++ b/sys/arch/arm64/arm64/syscall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall.c,v 1.16 2023/12/12 23:43:35 deraadt Exp $ */ +/* $OpenBSD: syscall.c,v 1.17 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com> * @@ -50,7 +50,7 @@ svc_handler(trapframe_t *frame) ap = &frame->tf_x[0]; - if (code < 0 || code >= SYS_MAXSYSCALL) + if (code <= 0 || code >= SYS_MAXSYSCALL) goto bad; callp = sysent + code; diff --git a/sys/arch/hppa/hppa/trap.c b/sys/arch/hppa/hppa/trap.c index 09af95b8da2..f6ec775743d 100644 --- a/sys/arch/hppa/hppa/trap.c +++ b/sys/arch/hppa/hppa/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.163 2023/12/13 11:20:18 miod Exp $ */ +/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 1998-2004 Michael Shalayeff @@ -786,7 +786,7 @@ syscall(struct trapframe *frame) args[3] = frame->tf_arg3; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; if ((argsize = callp->sy_argsize)) { diff --git a/sys/arch/i386/i386/trap.c b/sys/arch/i386/i386/trap.c index 69860df9030..73634e238ab 100644 --- a/sys/arch/i386/i386/trap.c +++ b/sys/arch/i386/i386/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.163 2023/12/12 15:30:55 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: trap.c,v 1.95 1996/05/05 06:50:02 mycroft Exp $ */ /*- @@ -544,7 +544,7 @@ syscall(struct trapframe *frame) code = frame->tf_eax; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; argsize = callp->sy_argsize; diff --git a/sys/arch/m88k/m88k/trap.c b/sys/arch/m88k/m88k/trap.c index fc37bc4b363..7e0501c55de 100644 --- a/sys/arch/m88k/m88k/trap.c +++ b/sys/arch/m88k/m88k/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.129 2023/12/12 15:30:56 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.130 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 2004, Miodrag Vallat. * Copyright (c) 1998 Steve Murphree, Jr. @@ -1173,7 +1173,7 @@ m88100_syscall(register_t code, struct trapframe *tf) nap = 8; /* r2-r9 */ // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; i = callp->sy_argsize / sizeof(register_t); @@ -1276,7 +1276,7 @@ m88110_syscall(register_t code, struct trapframe *tf) nap = 8; /* r2-r9 */ // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; i = callp->sy_argsize / sizeof(register_t); diff --git a/sys/arch/mips64/mips64/trap.c b/sys/arch/mips64/mips64/trap.c index 5169bfea123..5fa9c7ef830 100644 --- a/sys/arch/mips64/mips64/trap.c +++ b/sys/arch/mips64/mips64/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.169 2023/12/13 02:31:15 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.170 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 1988 University of Utah. @@ -425,7 +425,7 @@ fault_common_no_miss: code = locr0->v0; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; numarg = callp->sy_narg; diff --git a/sys/arch/powerpc/powerpc/trap.c b/sys/arch/powerpc/powerpc/trap.c index bd20eb437b2..80931f9b0ff 100644 --- a/sys/arch/powerpc/powerpc/trap.c +++ b/sys/arch/powerpc/powerpc/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.132 2023/12/12 15:30:56 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.133 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: trap.c,v 1.3 1996/10/13 03:31:37 christos Exp $ */ /* @@ -364,7 +364,7 @@ trap(struct trapframe *frame) code = frame->fixreg[0]; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; argsize = callp->sy_argsize; diff --git a/sys/arch/powerpc64/powerpc64/syscall.c b/sys/arch/powerpc64/powerpc64/syscall.c index d2527458940..3d60de8616a 100644 --- a/sys/arch/powerpc64/powerpc64/syscall.c +++ b/sys/arch/powerpc64/powerpc64/syscall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall.c,v 1.12 2023/12/12 15:30:56 deraadt Exp $ */ +/* $OpenBSD: syscall.c,v 1.13 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com> @@ -39,7 +39,7 @@ syscall(struct trapframe *frame) code = frame->fixreg[0]; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; nargs = callp->sy_argsize / sizeof(register_t); diff --git a/sys/arch/riscv64/riscv64/syscall.c b/sys/arch/riscv64/riscv64/syscall.c index ed5e534d7e0..2c02730664d 100644 --- a/sys/arch/riscv64/riscv64/syscall.c +++ b/sys/arch/riscv64/riscv64/syscall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall.c,v 1.17 2023/12/12 15:30:56 deraadt Exp $ */ +/* $OpenBSD: syscall.c,v 1.18 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 2020 Brian Bamsch <bbamsch@google.com> @@ -50,7 +50,7 @@ svc_handler(trapframe_t *frame) code = frame->tf_t[0]; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; nargs = callp->sy_argsize / sizeof(register_t); diff --git a/sys/arch/sh/sh/trap.c b/sys/arch/sh/sh/trap.c index 436a952825b..214dfd9a7da 100644 --- a/sys/arch/sh/sh/trap.c +++ b/sys/arch/sh/sh/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.56 2023/12/13 12:41:31 miod Exp $ */ +/* $OpenBSD: trap.c,v 1.57 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: exception.c,v 1.32 2006/09/04 23:57:52 uwe Exp $ */ /* $NetBSD: syscall.c,v 1.6 2006/03/07 07:21:50 thorpej Exp $ */ @@ -527,7 +527,7 @@ syscall(struct proc *p, struct trapframe *tf) code = tf->tf_r0; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; argsize = callp->sy_argsize; diff --git a/sys/arch/sparc64/sparc64/trap.c b/sys/arch/sparc64/sparc64/trap.c index cfaa0b4d266..deb4c527191 100644 --- a/sys/arch/sparc64/sparc64/trap.c +++ b/sys/arch/sparc64/sparc64/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.117 2023/12/12 23:43:35 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.118 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: trap.c,v 1.73 2001/08/09 01:03:01 eeh Exp $ */ /* @@ -1138,7 +1138,7 @@ syscall(struct trapframe *tf, register_t code, register_t pc) ap = &tf->tf_out[0]; nap = 6; - if (code < 0 || code >= SYS_MAXSYSCALL) + if (code <= 0 || code >= SYS_MAXSYSCALL) goto bad; callp = sysent + code; i = callp->sy_narg; /* Why divide? */ |