summaryrefslogtreecommitdiff
path: root/sys/arch/sh
diff options
context:
space:
mode:
authorMiod Vallat <miod@cvs.openbsd.org>2006-11-10 07:02:56 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2006-11-10 07:02:56 +0000
commite2c26e961ef92c56edcaf47271889a9b850ec026 (patch)
tree382e87175d87982fe3eaea4c9a600db950cccb82 /sys/arch/sh
parent794fbab2256423d9a1761c44b39021a25ab36cb0 (diff)
Enforce correct userspace bounds in copy{in,out}str().
Diffstat (limited to 'sys/arch/sh')
-rw-r--r--sys/arch/sh/sh/locore_subr.S8
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/arch/sh/sh/locore_subr.S b/sys/arch/sh/sh/locore_subr.S
index db5725c8771..2ad7d951ffd 100644
--- a/sys/arch/sh/sh/locore_subr.S
+++ b/sys/arch/sh/sh/locore_subr.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore_subr.S,v 1.3 2006/11/02 23:00:28 miod Exp $ */
+/* $OpenBSD: locore_subr.S,v 1.4 2006/11/10 07:02:55 miod Exp $ */
/* $NetBSD: locore_subr.S,v 1.28 2006/01/23 22:52:09 uwe Exp $ */
/*-
@@ -582,6 +582,8 @@ ENTRY(copyoutstr)
mov.l .L_copyoutstr_onfault, r1
mov.l r1, @(PCB_ONFAULT,r2)
mov.l .L_copyoutstr_VM_MAXUSER_ADDRESS, r1
+ cmp/hi r1, r5 /* bomb if udst isn't in user space */
+ bt 4f
mov r1, r0
sub r5, r0
cmp/hi r6, r0 /* don't beyond user space */
@@ -656,8 +658,10 @@ ENTRY(copyinstr)
mov.l r1, @(PCB_ONFAULT,r2)
mov.l .L_copyinstr_VM_MAXUSER_ADDRESS, r1
+ cmp/hi r1, r4 /* bomb if src isn't in user space */
+ bt 4f
mov r1, r0
- sub r5, r0
+ sub r4, r0
cmp/hi r6, r0 /* don't beyond user space */
bf 2f
bra 2f