From f03d0e11f913894e205fa638f173aaac160b66b7 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Tue, 22 Dec 1998 07:58:47 +0000 Subject: range check signal [] conversions --- sys/compat/svr4/svr4_signal.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'sys/compat/svr4') diff --git a/sys/compat/svr4/svr4_signal.c b/sys/compat/svr4/svr4_signal.c index 4531aa74b62..285621567b6 100644 --- a/sys/compat/svr4/svr4_signal.c +++ b/sys/compat/svr4/svr4_signal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: svr4_signal.c,v 1.8 1997/09/15 06:04:58 millert Exp $ */ +/* $OpenBSD: svr4_signal.c,v 1.9 1998/12/22 07:58:46 deraadt Exp $ */ /* $NetBSD: svr4_signal.c,v 1.24 1996/12/06 03:21:53 christos Exp $ */ /* @@ -282,6 +282,9 @@ svr4_sys_sigaction(p, v, retval) caddr_t sg; int error; + if (SCARG(uap, signum) < 0 || SCARG(uap, signum) >= SVR4_NSIG) + return (EINVAL); + sg = stackgap_init(p->p_emul); nssa = SCARG(uap, nsa); ossa = SCARG(uap, osa); @@ -384,16 +387,17 @@ svr4_sys_signal(p, v, retval) syscallarg(int) signum; syscallarg(svr4_sig_t) handler; } */ *uap = v; - int signum = svr4_to_bsd_sig[SVR4_SIGNO(SCARG(uap, signum))]; - int error; + int signum, error; caddr_t sg = stackgap_init(p->p_emul); - if (signum <= 0 || signum >= SVR4_NSIG) { + signum = SVR4_SIGNO(SCARG(uap, signum)); + if (signum < 0 || signum >= SVR4_NSIG) { if (SVR4_SIGCALL(SCARG(uap, signum)) == SVR4_SIGNAL_MASK || SVR4_SIGCALL(SCARG(uap, signum)) == SVR4_SIGDEFER_MASK) *retval = (int)SVR4_SIG_ERR; return EINVAL; } + signum = svr4_to_bsd_sig[signum]; switch (SVR4_SIGCALL(SCARG(uap, signum))) { case SVR4_SIGDEFER_MASK: @@ -619,6 +623,8 @@ svr4_sys_kill(p, v, retval) } */ *uap = v; struct sys_kill_args ka; + if (SCARG(uap, signum) < 0 || SCARG(uap, signum) >= SVR4_NSIG) + return (EINVAL); SCARG(&ka, pid) = SCARG(uap, pid); SCARG(&ka, signum) = svr4_to_bsd_sig[SCARG(uap, signum)]; return sys_kill(p, &ka, retval); -- cgit v1.2.3